Moderate severity · NVD Advisory · Published Aug 26, 2022 · Updated Aug 3, 2024
CVE-2021-3427
Description
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised, as it is interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| deluge (PyPI) | < 2.1.0 | 2.1.0 |
Affected products
- Deluge/Deluge Web-UI (source: description)
- ghsa-coords (2 versions): < 2.1.0 + 1 more
- (no CPE) range: < 2.1.0
- (no CPE) range: < 2.1.1-3.1
References
- github.com/advisories/GHSA-5c8p-qhch-qhx6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3427 (ghsa, ADVISORY)
- security.gentoo.org/glsa/202210-07 (ghsa, vendor-advisory, WEB)
- dev.deluge-torrent.org/ticket/3459 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/deluge/PYSEC-2022-256.yaml (ghsa, WEB)
- groups.google.com/g/deluge-dev/c/e5zh7wT0rEg (ghsa, WEB)