CVE-2017-7178
- Source
- https://cve.org/CVERecord?id=CVE-2017-7178
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7178.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7178
- Downstream
- Published
- 2017-03-18T20:59:00.203Z
- Modified
- 2026-04-11T12:01:40.675815Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its init.py file and (2) causing the victim to download, install, and enable this plugin.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" } ] } ] }- References
-
- http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14
- http://www.debian.org/security/2017/dsa-3856
- http://www.securityfocus.com/bid/97041
- https://bugs.debian.org/857903
- https://security.gentoo.org/glsa/201703-06
- http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
- http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9
- http://seclists.org/fulldisclosure/2017/Mar/6
Affected packages
Git / github.com/deluge-torrent/deluge
Affected ranges
- Type
- GIT
- Repo
- https://github.com/deluge-torrent/deluge
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:deluge-torrent:deluge:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.3.14" } ] }