rpm package
opensuse/deluge&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/deluge&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3427 | — | | | < 2.1.1-3.1 | 2.1.1-3.1 | Aug 26, 2022 | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context |
| CVE-2017-9031 | Critical | 9.8 | | < 2.0.3-4.7 | 2.0.3-4.7 | May 17, 2017 | The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. |