Medium severity6.3NVD Advisory· Published Jan 18, 2022· Updated Apr 3, 2026
CVE-2022-21693
CVE-2022-21693
Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | >= 2.3, < 2.5 | 2.5 |
Affected products
1Patches
26642c25959f16642c25959f1Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-jgm9-xpfj-4fq6ghsaADVISORY
- github.com/onionshare/onionshare/releases/tag/v2.5nvdRelease NotesThird Party AdvisoryWEB
- github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-21693ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-44.yamlghsaWEB
News mentions
0No linked articles in our index yet.