High severityNVD Advisory· Published Jan 18, 2022· Updated Apr 23, 2025

Denial of Service in Onionshare

CVE-2022-21689

Description

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
onionshare-cliPyPI	< 2.5	2.5

Affected products

Onionshare/Onionsharev5
Range: < 2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-jh82-c5jw-pxpcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-21689ghsaADVISORY
github.com/onionshare/onionshare/releases/tag/v2.5ghsax_refsource_MISCWEB
github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpcghsax_refsource_CONFIRMWEB
github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-40.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000