CVE-2017-7178
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-7178
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7178.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7178
- Downstream
- Published
- 2017-03-18T20:59:00Z
- Modified
- 2025-04-20T01:37:25Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its init.py file and (2) causing the victim to download, install, and enable this plugin.
- References
-
- http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14
- http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
- http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9
- http://seclists.org/fulldisclosure/2017/Mar/6
- http://www.debian.org/security/2017/dsa-3856
- http://www.securityfocus.com/bid/97041
- https://security.gentoo.org/glsa/201703-06
- https://bugs.debian.org/857903
- https://security-tracker.debian.org/tracker/CVE-2017-7178
Affected packages
Debian:11 / deluge
Package
- Name
- deluge
- Purl
- pkg:deb/debian/deluge?arch=source
Debian:12 / deluge
Package
- Name
- deluge
- Purl
- pkg:deb/debian/deluge?arch=source
Debian:13 / deluge
Package
- Name
- deluge
- Purl
- pkg:deb/debian/deluge?arch=source