DSA-4650-1 qbittorrent -- qbittorrentID: oval:org.secpod.oval:def:604797 | Date: (C)2020-04-13 (M)2023-11-13 |
Class: PATCH | Family: unix |
Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion.
Platform: |
Debian 10.x |
Debian 9.x |