{"uuid": "8ad9770b-a9fa-4c6e-9b11-c2064b0fe09b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39246", "type": "seen", "source": "https://t.me/cibsecurity/29402", "content": "\u203c CVE-2021-39246 \u203c\n\nTor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. If --log or --verbose is used, exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-24T22:31:02.000000Z"}