Hi! Salvatore Bonaccorso:
> So it will additionally allow potentially denial of service on > multi-user systems. > > Not sure if the grave severity is warranted, though, will leave this > discussion to you both :) Ack, grave sounds a bit grave. > For tracking the issue, I have requested a CVE from MITRE, which got > assigned CVE-2018-19960. Thank you. I've asked upstream to fix it yesterday, and they did. So I'll upload a newer version of onionshare a bit later this week (probably not today though). Cheers! u.