Vulnerabilities > Onionshare

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-41868 Unspecified vulnerability in Onionshare
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
network
low complexity
onionshare
critical
9.8
2018-12-07 CVE-2018-19960 Improper Input Validation vulnerability in Onionshare
The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.
local
high complexity
onionshare CWE-20
7.0
2017-01-30 CVE-2016-5026 Improper Access Control vulnerability in Onionshare
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
local
low complexity
onionshare CWE-284
5.5