From latesthackingnews.com
According to a recent advisory from the IHTeam, their researchers spotted two security vulnerabilities in OnionShare. Briefly, OnionShare is an open-source communication service offering secure chats, file sharing, and other communication features. The tool works over the Tor network and is popular among security researchers, journalists, and whistleblowers for private communications. Regarding the bugs, the first of these includes an unauthenticated file upload (CVE-2021-41868). The bug existed due to a logic issue in the receive_mode.py function that allowed anyone to upload a file in a remote OnionShare instance before an authentication check.