CVE-2021-39220

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39220
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39220.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39220
Related
  • GHSA-6q9v-wm8r-rcv5
Published
2021-10-25T19:15:09.577Z
Modified
2026-04-10T04:37:03.716600Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/nextcloud/mail

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/mail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f6780562b1d5a1ed49dbc58f3618b99c8639576f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.4"
        }
    ]
}

Affected versions

1.*
1.10.0-alpha.7
1.6.2
Other
nighly-20170831
nightly-20161202
nightly-20161208
nightly-20161218
nightly-20170117
nightly-20170612
nightly-20170823
nightly-20170831
nightly-20170906
nightly-20170913
nightly-20171127
nightly-20171212
nightly-20180410
nightly-20200115
nightly-20200423
nightly-20200427
nightly-20200506
nightly-20200513
untagged-bd8a3cab1eb0022ec683
v0.*
v0.1.0
v0.1.3
v0.10.0
v0.11.0
v0.12.0
v0.12.0-RC2
v0.12.0-RC3
v0.12.0-alpha3
v0.12.0-beta1
v0.12.0-beta2
v0.12.0-beta4
v0.12.0-beta5
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.17.0
v0.18.0
v0.18.0-RC1
v0.18.1
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.6.2
v0.7.0
v0.7.1
v0.7.10
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-alpha1
v0.8.0-beta1
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.10.0-RC.1
v1.10.0-RC.2
v1.10.0-alpha.4
v1.10.0-alpha.6
v1.10.0-alpha.7
v1.10.1
v1.10.2
v1.10.3
v1.3.0
v1.3.0-RC1
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.3.1
v1.3.2
v1.3.3
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.5.0
v1.5.0-alpha3
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-beta3
v1.5.0-rc1
v1.5.0-rc2
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.0-alpha2
v1.9.0-alpha3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39220.json"