NuytsTech Security

CVE-2017-7178

by ·

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

Date published : 2017-03-18

http://www.securityfocus.com/bid/97041

http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14

Tags: