nextcloud, owncloud
2017-10-23 14:15
2017-06-16 19:21
2017-05-10 23:45
2017-04-14 10:19
2017-04-01 21:42
2017-03-28 21:03


Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information



Release Package Reason
precise nextcloud DNE
owncloud ignored
precise/esm nextcloud DNE
owncloud DNE
trusty nextcloud DNE
vivid/stable-phone-overlay nextcloud DNE
owncloud DNE
vivid/ubuntu-core nextcloud DNE
owncloud DNE
xenial nextcloud DNE
owncloud DNE
yakkety nextcloud DNE
owncloud DNE
zesty nextcloud DNE
owncloud DNE
artful nextcloud DNE
owncloud DNE
devel nextcloud DNE
owncloud DNE

Needs Triage

Release Package Reason
upstream nextcloud needs-triage
owncloud needs-triage
trusty owncloud needs-triage