CVE-2021-35947
- Source
- https://cve.org/CVERecord?id=CVE-2021-35947
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35947.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-35947
- Published
- 2021-09-07T19:15:08.500Z
- Modified
- 2026-04-10T04:35:16.825229Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
- References
Affected packages
Git / github.com/owncloud/core
Affected versions
v1.*
v1.0.0beta1
v10.*
v10.0.0
v10.0.0RC1
v10.0.0RC2
v10.0.0RC3
v10.0.0RC4
v10.0.0RC5
v10.0.0alpha
v10.0.0beta
v10.0.0beta2
v10.0.1
v10.0.10
v10.0.10RC1
v10.0.10RC2
v10.0.10RC3
v10.0.10RC4
v10.0.1RC1
v10.0.1RC2
v10.0.1RC3
v10.0.1RC4
v10.0.1RC5
v10.0.2
v10.0.2RC1
v10.0.3
v10.0.3RC1
v10.0.3beta
v10.0.3beta2
v10.0.4
v10.0.4RC1
v10.0.4RC2
v10.0.4beta1
v10.0.4beta2
v10.0.5
v10.0.5RC1
v10.0.5RC2
v10.0.5RC3
v10.0.5RC4
v10.0.8
v10.0.8RC1
v10.0.8RC2
v10.0.8RC3
v10.0.8RC4
v10.0.9
v10.0.9RC1
v10.0.9RC2
v10.0.9RC3
v10.0.9RC4
v10.0.9beta
v10.0beta2
v10.1.0
v10.1.0RC1
v10.1.0RC2
v10.1.0beta
v10.3.0alpha
v10.3.0alpha2
v10.6.0beta1
v10.7.0beta2
v10.8.0RC1
v10.8.0beta2
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0beta2
v9.0.1beta2
v9.0beta1
v9.1.0RC1
v9.1.0beta1
v9.1.0beta2