EPSS
Percentile
26.2%
onionshare-cli allows invisible chat participants. Any user (public or authenticated) is able to send chats without being visible in the chat list due to lack of secure validation of active users in a chat environment session.
github.com/onionshare/onionshare/commit/5f5b761fcf59a903b8636843cbcba9bc907c2be3
github.com/onionshare/onionshare/commit/6429392a405c2812a04ad4c7653d885e7595e255
github.com/onionshare/onionshare/releases/tag/v2.5
github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4