PyPI package
onionshare-cli
pkg:pypi/onionshare-cli
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21694 | — | | | >= 2.2, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possib |
| CVE-2022-21690 | — | | | < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is use |
| CVE-2022-21693 | Med | 6.3 | | >= 2.3, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can ac |
| CVE-2022-21692 | — | | | >= 2.3, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant. |
| CVE-2022-21689 | — | | | < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which c |
| CVE-2022-21691 | — | | | >= 2.3, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom. |
| CVE-2022-21695 | — | | | >= 2.3, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of ch |
| CVE-2022-21688 | — | | | < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the |
| CVE-2022-21696 | — | | | >= 2.3, < 2.5 | 2.5 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at t |
| CVE-2021-41867 | — | | | >= 2.3, < 2.4 | 2.4 | Oct 4, 2021 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. |
| CVE-2021-41868 | — | | | >= 2.3, < 2.4 | 2.4 | Oct 4, 2021 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. |
| CVE-2018-19960 | — | | | <= 1.3.1 | — | Dec 7, 2018 | The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. |