Skip to main content

Onionshare

5 CVEs product

Monthly

CVE-2022-21693 PyPI MEDIUM PATCH This Month

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Onionshare
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-41868 PyPI CRITICAL POC PATCH Act Now

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-41867 PyPI MEDIUM POC PATCH This Month

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2018-19960 HIGH This Week

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Onionshare
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2016-5026 MEDIUM PATCH This Month

hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Onionshare
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Onionshare
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Onionshare
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Onionshare
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Onionshare
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy