Security: onionshare/onionshare
No security policy detected
This project has not set up a SECURITY.md file yet.
OTF-005: Improper Input Sanitation: It is possible to change the username to that of another chat participant with an additional space character at the end of the name string
GHSA-68vr-8f46-vc9f, published Jan 18, 2022 by micahflee. Severity: Low

OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website
GHSA-h29c-wcm8-883h, published Jan 18, 2022 by micahflee. Severity: Low

OTF-009: Improper Access Control: Authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants
GHSA-99p8-9p2c-49j4, published Jan 18, 2022 by micahflee. Severity: Low

OTF-013: Improper Hardening: The filesystem restriction could be hardened and should only allow for pre-defined subfolders
GHSA-jgm9-xpfj-4fq6, published Jan 18, 2022 by micahflee. Severity: Low

OTF-003: Improper Access Control: Anyone with access to the chat environment can write messages disguised as another chat participant
GHSA-gjj5-998g-v36v, published Jan 18, 2022 by micahflee. Severity: Moderate

OTF-004: Improper Access Control: Chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom
GHSA-w9m4-7w72-r766, published Jan 18, 2022 by micahflee. Severity: Moderate

OTF-012: Denial of Service: The receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script
GHSA-jh82-c5jw-pxpc, published Jan 18, 2022 by micahflee. Severity: Moderate

OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
GHSA-ch22-x2v3-v6vq, published Jan 18, 2022 by micahflee. Severity: High

OTF-014: Out-of-bounds Read: The desktop application was found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing
GHSA-x7wr-283h-5h2v, published Jan 18, 2022 by micahflee. Severity: High