A vulnerability in Deluge might allow remote attackers to execute arbitrary code.
Package | net-p2p/deluge on all architectures |
---|---|
Affected versions | < 1.3.14 |
Unaffected versions | >= 1.3.14 |
Deluge is a BitTorrent client.
A CSRF vulnerability was discovered in the web UI of Deluge.
A remote attacker could entice a user currently logged in into Deluge web UI to visit a malicious web page which uses forged requests to make Deluge download and install a Deluge plug-in provided by the attacker. The plug-in can then execute arbitrary code as the user running Deluge.
There is no known workaround at this time.
All Deluge users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/deluge-1.3.14"
Release date
March 28, 2017
Latest revision
March 28, 2017: 1
Severity
normal
Exploitable
remote
Bugzilla entries