Onionshare: >> Onionshare Security Vulnerabilities
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-10-04
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
CVSS Score
7.0
EPSS Score
0.0
Published
2018-12-07
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-01-30
Page 2