PT-2021-23438 · Unknown+1 · Onionshare+1

Byr00T

·

Published

2021-10-04

·

Updated

2024-06-15

·

CVE-2021-41868

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OnionShare versions 2.3 through 2.3
Description The issue allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
Recommendations For OnionShare version 2.3, update to version 2.4 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2021-41868
GHSA-7G47-XXFF-9P85
OPENSUSE-SU-2024:11557-1
OPENSUSE-SU-2024:13635-1

Affected Products

Debian
Onionshare