High severity8.8NVD Advisory· Published Mar 18, 2017· Updated May 13, 2026
CVE-2017-7178
CVE-2017-7178
Description
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Affected products
2- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.deluge-torrent.org/deluge/commit/nvdPatchVendor Advisory
- git.deluge-torrent.org/deluge/commit/nvdPatchVendor Advisory
- seclists.org/fulldisclosure/2017/Mar/6nvdExploitMailing ListPatchThird Party AdvisoryVDB Entry
- dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14nvdRelease NotesVendor Advisory
- www.debian.org/security/2017/dsa-3856nvdThird Party Advisory
- www.securityfocus.com/bid/97041nvdThird Party AdvisoryVDB Entry
- bugs.debian.org/857903nvdThird Party Advisory
- security.gentoo.org/glsa/201703-06nvdThird Party Advisory
News mentions
0No linked articles in our index yet.