Deluge · Deluge · CVE-2017-7178
**Name of the Vulnerable Software and Affected Versions**
Deluge versions prior to 1.3.14
**Description**
A CSRF issue was found in the web UI of Deluge. Exploitation involves hosting a crafted plugin that executes an arbitrary program from its `__init__.py` file and causing the victim to download, install, and enable this plugin.
**Recommendations**
For Deluge versions prior to 1.3.14, update to version 1.3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin installation feature to minimize the risk of exploitation. Avoid installing plugins from untrusted sources until the issue is resolved.