{"id":"USN-7625-1","summary":"onionshare vulnerabilities","details":"It was discovered that OnionShare could be exploited when run with\nthe --debug argument. A local attacker could possibly use this\nissue to access sensitive information. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19960)\n\nIt was discovered that OnionShare could be blocked from uploading\nfiles. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-21689)","modified":"2026-02-10T04:49:33Z","published":"2025-07-08T13:24:07Z","related":["UBUNTU-CVE-2018-19960","UBUNTU-CVE-2022-21689"],"upstream":["CVE-2018-19960","CVE-2022-21689","UBUNTU-CVE-2018-19960","UBUNTU-CVE-2022-21689"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7625-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19960"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-21689"}],"affected":[{"package":{"name":"onionshare","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/onionshare@0.8.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.1-1ubuntu0.1~esm1"}]}],"versions":["0.7-1","0.7.1-1","0.8.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.1-1ubuntu0.1~esm1","binary_name":"onionshare"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7625-1.json","cves_map":{"cves":[{"id":"CVE-2018-19960","severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"onionshare","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/onionshare@0.9.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.2-1ubuntu0.1~esm1"}]}],"versions":["0.9.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.9.2-1ubuntu0.1~esm1","binary_name":"onionshare"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7625-1.json","cves_map":{"cves":[{"id":"CVE-2018-19960","severity":[{"score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"onionshare","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/onionshare@2.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2-1ubuntu0.1~esm1"}]}],"versions":["2.1-1","2.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2-1ubuntu0.1~esm1","binary_name":"onionshare"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7625-1.json","cves_map":{"cves":[{"id":"CVE-2022-21689","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"onionshare","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/onionshare@2.2-3ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2-3ubuntu0.1~esm1"}]}],"versions":["2.2-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2-3ubuntu0.1~esm1","binary_name":"onionshare"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7625-1.json","cves_map":{"cves":[{"id":"CVE-2022-21689","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.3"}