Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in Onionshare
Vulnerability Description
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OnionShare 路径遍历漏洞
Vulnerability Description
OnionShare是一种开源工具。用于安全且匿名地共享文件、托管网站以及使用 Tor 网络与朋友聊天。 OnionShare存在安全漏洞,该漏洞源于OnionShare 是一个开源工具,可让您安全匿名地共享文件、托管网站以及使用 Tor 网络与朋友聊天。在受影响的版本中,具有允许从 Onionshare 进程上下文访问文件系统的原语的对手可以访问整个用户主文件夹中的敏感文件。这可能导致敏感数据泄露。由于隐藏文件夹的自动排除,减少了影响。这可以通过使用 flatpak 版本来缓解。
CVSS Information
N/A
Vulnerability Type
N/A