Moderate severityNVD Advisory· Published Jan 18, 2022· Updated Apr 23, 2025
Username spoofing in OnionShare
CVE-2022-21696
Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | >= 2.3, < 2.5 | 2.5 |
Affected products
4- ghsa-coords3 versionspkg:pypi/onionshare-clipkg:rpm/opensuse/python3-onionshare&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-onionshare&distro=openSUSE%20Tumbleweed
>= 2.3, < 2.5+ 2 more
- (no CPE)range: >= 2.3, < 2.5
- (no CPE)range: < 2.6-4.1
- (no CPE)range: < 2.5-1.1
- Range: < 2.5
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-68vr-8f46-vc9fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21696ghsaADVISORY
- github.com/onionshare/onionshare/releases/tag/v2.5ghsax_refsource_MISCWEB
- github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9fghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/onionshare-cli/PYSEC-2022-47.yamlghsaWEB
News mentions
0No linked articles in our index yet.