Search criteria
9 vulnerabilities found for deluge by deluge-torrent
FKIE_CVE-2021-3427
Vulnerability from fkie_nvd - Published: 2022-08-26 16:15 - Updated: 2024-11-21 06:21
Summary
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
References
| Source | URL | Tags |
|---|---|---|
| secalert@redhat.com | https://dev.deluge-torrent.org/ticket/3459 | Exploit, Issue Tracking, Patch, Vendor Advisory |
| secalert@redhat.com | https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg | Exploit, Issue Tracking, Mailing List, Third Party Advisory |
| secalert@redhat.com | https://security.gentoo.org/glsa/202210-07 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://dev.deluge-torrent.org/ticket/3459 | Exploit, Issue Tracking, Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg | Exploit, Issue Tracking, Mailing List, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202210-07 | Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| deluge-torrent | deluge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deluge-torrent:deluge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "931E1242-09AE-4B13-85C0-39CD98E2726C",
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it\u0027s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user\u0027s browser session."
},
{
"lang": "es",
"value": "Deluge Web-UI es vulnerable a un ataque de tipo XSS mediante un archivo torrent dise\u00f1ado. Los datos de los archivos torrent no son saneados apropiadamente, ya que son interpretados directamente como HTML. Alguien que suministre al usuario un archivo torrent malicioso puede ejecutar c\u00f3digo Javascript arbitrario en el contexto de la sesi\u00f3n del navegador del usuario."
}
],
"id": "CVE-2021-3427",
"lastModified": "2024-11-21T06:21:28.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-26T16:15:08.803",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-07"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2017-9031
Vulnerability from fkie_nvd - Published: 2017-05-17 19:29 - Updated: 2025-04-20 01:37
Summary
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 | Release Notes, Vendor Advisory |
| cve@mitre.org | http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd | Patch, Vendor Advisory |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3856 | |
| cve@mitre.org | http://www.securityfocus.com/bid/99099 | |
| cve@mitre.org | https://bugs.debian.org/862611 | Mailing List, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd | Patch, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3856 | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99099 | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/862611 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| deluge-torrent | deluge | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deluge-torrent:deluge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F401D7-78C0-4456-99A2-1BDDF8D62D63",
"versionEndIncluding": "1.3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
},
{
"lang": "es",
"value": "El componente WebUI de Deluge anterior a versi\u00f3n 1.3.15, contiene una vulnerabilidad de salto de directorio que implica una petici\u00f3n en la que el nombre del archivo de renderizado no est\u00e1 asociado a ning\u00fan archivo de plantilla."
}
],
"id": "CVE-2017-9031",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-17T19:29:00.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/99099"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/862611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/99099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/862611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7178
Vulnerability from fkie_nvd - Published: 2017-03-18 20:59 - Updated: 2025-04-20 01:37
Summary
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| deluge-torrent | deluge | * |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deluge-torrent:deluge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5143F5-3625-401D-870C-01FD637362EE",
"versionEndExcluding": "1.3.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin."
},
{
"lang": "es",
"value": "CSRF ha sido descubierto en la interfaz web de usuario en Deluge en versiones anteriores a 1.3.14. La metodolog\u00eda de explotaci\u00f3n implica (1) alojamiento de un plugin manipulado que ejecuta un programa arbitrario desde el archivo __init__.py y (2) provocando que la victima descargue, instale y habilite este complemento."
}
],
"id": "CVE-2017-7178",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-18T20:59:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/857903"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/857903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201703-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-3427 (GCVE-0-2021-3427)
Vulnerability from cvelistv5 – Published: 2022-08-26 00:00 – Updated: 2024-08-03 16:53
Summary
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Deluge-web | Affected: Not-Known |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"name": "GLSA-202210-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Deluge-web",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not-Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it\u0027s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user\u0027s browser session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 - Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-16T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"name": "GLSA-202210-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3427",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2021-03-10T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9031 (GCVE-0-2017-9031)
Vulnerability from cvelistv5 – Published: 2017-05-17 19:00 – Updated: 2024-08-05 16:55
Summary
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/862611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/862611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99099"
},
{
"name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15",
"refsource": "CONFIRM",
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "https://bugs.debian.org/862611",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/862611"
},
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd",
"refsource": "CONFIRM",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9031",
"datePublished": "2017-05-17T19:00:00",
"dateReserved": "2017-05-17T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7178 (GCVE-0-2017-7178)
Vulnerability from cvelistv5 – Published: 2017-03-18 20:10 – Updated: 2024-08-05 15:56
Summary
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/857903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/857903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9",
"refsource": "MISC",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14",
"refsource": "CONFIRM",
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97041"
},
{
"name": "https://bugs.debian.org/857903",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/857903"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/6",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583",
"refsource": "MISC",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7178",
"datePublished": "2017-03-18T20:10:00",
"dateReserved": "2017-03-18T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3427 (GCVE-0-2021-3427)
Vulnerability from nvd – Published: 2022-08-26 00:00 – Updated: 2024-08-03 16:53
Summary
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Deluge-web | Affected: Not-Known |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"name": "GLSA-202210-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Deluge-web",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not-Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it\u0027s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user\u0027s browser session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 - Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-16T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
},
{
"name": "GLSA-202210-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3427",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2021-03-10T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9031 (GCVE-0-2017-9031)
Vulnerability from nvd – Published: 2017-05-17 19:00 – Updated: 2024-08-05 16:55
Summary
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/862611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/862611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99099"
},
{
"name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15",
"refsource": "CONFIRM",
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "https://bugs.debian.org/862611",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/862611"
},
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd",
"refsource": "CONFIRM",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9031",
"datePublished": "2017-05-17T19:00:00",
"dateReserved": "2017-05-17T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7178 (GCVE-0-2017-7178)
Vulnerability from nvd – Published: 2017-03-18 20:10 – Updated: 2024-08-05 15:56
Summary
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/857903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/857903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9",
"refsource": "MISC",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=develop\u0026id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"
},
{
"name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14",
"refsource": "CONFIRM",
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"
},
{
"name": "97041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97041"
},
{
"name": "https://bugs.debian.org/857903",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/857903"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/6",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/6"
},
{
"name": "DSA-3856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "GLSA-201703-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-06"
},
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583",
"refsource": "MISC",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable\u0026id=318ab179865e0707d7945edc3a13a464a108d583"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7178",
"datePublished": "2017-03-18T20:10:00",
"dateReserved": "2017-03-18T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}