CVE-2021-32679: Improper Encoding or Escaping of Output in Security-advisories

Severity
NVD: 8.8 HIGH
CNA: 3.5
EPSS: 0.8% (top 25.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 12

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

NVD: nextcloud/nextcloud_server 20.0.0 20.0.11 +2
CVEListV5: nextcloud/security-advisories < 19.0.13 +2

Also affects: Fedora 33, 34

Patches

Vulnerability Details

CVEList: Filenames not escaped by default in controllers using DownloadResponse (2021-07-12)