cvedb.io
CVE-2018-19960
HIGH · CVSS 7
EPSS exploitation probability: 0%
Published 2018-12-07T16:29:00.630 · Last modified 2026-06-17T01:50:11.470

Summary

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.

Affected products

onionshare — onionshare

Does this affect you?

Add your gear to cvedb and we'll alert you only when onionshare ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.