{"id":"CVE-2017-7178","details":"A cross-site request forgery (CSRF) vulnerability was discovered in the web UI of Deluge before 1.3.14. Exploitation involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.","modified":"2026-05-15T12:03:24.663912715Z","published":"2017-03-18T20:59:00.203Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3856"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97041"},{"type":"ADVISORY","url":"https://bugs.debian.org/857903"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201703-06"},{"type":"FIX","url":"http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583"},{"type":"FIX","url":"http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9"},{"type":"FIX","url":"http://seclists.org/fulldisclosure/2017/Mar/6"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}