Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Transmission 安全漏洞
Vulnerability Description
Transmission是Transmission项目组开发的一款使用在Linux及Mac OS X平台下的免费BitTorrent(BT)客户端,它支持数据加密、损坏修复和制作种子等。 Transmission 2.92及之前版本中存在安全漏洞。远程攻击者可通过向/transmission/rpc发送POST参数并借助DNS重绑定攻击利用该漏洞执行任意的RPC命令,对任意文件执行写入操作。
CVSS Information
N/A
Vulnerability Type
N/A