CVE-2021-32750

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32750

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32750.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32750

Related

GHSA-68xh-9h7w-64qg

Published

2021-07-15T17:15:08.527Z

Modified

2025-11-14T11:54:34.614788Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages.

References

https://github.com/zlatinb/muwire/security/advisories/GHSA-68xh-9h7w-64qg

Affected packages

Git / github.com/zlatinb/muwire

Affected ranges

Type: GIT
Repo: https://github.com/zlatinb/muwire
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5f229d903f09e12f6bbae31b8aab3440e58ec730

Affected versions

docker-0.*

docker-0.6.8

docker-0.6.8.1

docker-0.6.8.2

muwire-0.*

muwire-0.0.1

muwire-0.0.10

muwire-0.0.11

muwire-0.0.12

muwire-0.0.13

muwire-0.0.14

muwire-0.0.2

muwire-0.0.3

muwire-0.0.4

muwire-0.0.5

muwire-0.0.6

muwire-0.0.7

muwire-0.0.8

muwire-0.0.9

muwire-0.1.0

muwire-0.1.1

muwire-0.1.1-1

muwire-0.1.10

muwire-0.1.11

muwire-0.1.12

muwire-0.1.13

muwire-0.1.2

muwire-0.1.3

muwire-0.1.4

muwire-0.1.5

muwire-0.1.6

muwire-0.1.7

muwire-0.1.8

muwire-0.1.9

muwire-0.2.0

muwire-0.2.1

muwire-0.2.10

muwire-0.2.2

muwire-0.2.3

muwire-0.2.4

muwire-0.2.5

muwire-0.2.6

muwire-0.2.7

muwire-0.2.8

muwire-0.2.9

muwire-0.3.0

muwire-0.3.1

muwire-0.3.10

muwire-0.3.2

muwire-0.3.3

muwire-0.3.4

muwire-0.3.5

muwire-0.3.6

muwire-0.3.7

muwire-0.3.8

muwire-0.3.9

muwire-0.4.0

muwire-0.4.1

muwire-0.4.10

muwire-0.4.11

muwire-0.4.12

muwire-0.4.13

muwire-0.4.14

muwire-0.4.15

muwire-0.4.16

muwire-0.4.2

muwire-0.4.3

muwire-0.4.4

muwire-0.4.5

muwire-0.4.6

muwire-0.4.7

muwire-0.4.8

muwire-0.4.9

muwire-0.5.0

muwire-0.5.1

muwire-0.5.10

muwire-0.5.2

muwire-0.5.3

muwire-0.5.4

muwire-0.5.5

muwire-0.5.6

muwire-0.5.7

muwire-0.5.8

muwire-0.5.9

muwire-0.6.0

muwire-0.6.1

muwire-0.6.10

muwire-0.6.11

muwire-0.6.12

muwire-0.6.13

muwire-0.6.14

muwire-0.6.15

muwire-0.6.2

muwire-0.6.3

muwire-0.6.4

muwire-0.6.5

muwire-0.6.6

muwire-0.6.7

muwire-0.6.8

muwire-0.6.9

muwire-0.7.0

muwire-0.7.1

muwire-0.7.2

muwire-0.7.3

muwire-0.7.4

muwire-0.7.5

muwire-0.7.6

muwire-0.7.7

muwire-0.8.0

muwire-0.8.1

muwire-0.8.2

muwire-0.8.3

muwire-0.8.4

muwire-0.8.5

muwire-0.8.6

muwire-0.8.7

Other

plugin-mvp

test-signed-tag