The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeluge Torrent Deluge
APPDeluge-Torrentβ€ 1.3.14
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References
Related vulnerabilities
CVE-2017-7178HIGH8.8ten sam produkt
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a...
CVE-2019-25585MEDIUM6.9ten sam produkt
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application ...
CVE-2019-25586MEDIUM6.9ten sam produkt
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application ...
CVE-2021-3427MEDIUM6.1ten sam produkt
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not ...