Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
De-anonymization via message
Vulnerability Description
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
MuWire 跨站脚本漏洞
Vulnerability Description
MuWire是开源的一个文件发布和网络工具,使用12P技术保护其用户的身份。 MuWire 0.8.8版之前的桌面客户端存在跨站脚本漏洞,当攻击者发送主题行包含带有 HTML 图像标签的 URL 的消息时,MuWire 客户端将尝试通过 clearnet 获取该图像,从而暴露用户的 IP 地址。
CVSS Information
N/A
Vulnerability Type
N/A