Opened 10 years ago

Closed 10 years ago

#4979 closed Bug (fixed)

Security issue

Reported by: MadIrish Owned by: jordan
Priority: Highest Milestone: 2.61
Component: Web Client Version: 2.60
Severity: Major Keywords: security, vulnerability



I'm a security researcher and I believe I've identified a vulneraiblity in Transmission. Is there a contact e-mail or other secure way to report the issue (rather than a public ticket)? Thank you for any guidance you could provide. Please feel free to e-mail instructions and PGP public keys to the e-mail provided in my account.


Change History (6)

comment:1 Changed 10 years ago by jordan

[email sent.]

comment:2 Changed 10 years ago by jordan

  • Milestone changed from None Set to 2.61
  • Owner set to jordan
  • Status changed from new to assigned

comment:3 Changed 10 years ago by jordan

Proposed fix in r13392:

  • There are a couple of cases in the Inspector where we really do need innerHTML because we're building the peer and tracker lists. In these cases, sanitize the inputs that could be used as attack vectors. For example, in the case of "<div>" + tor.getName() + "</div>", instead use sanitizeText(tor.getName()) where sanitizeText is defined at

Confirmed in Opera, FF, and Chrome to prevent the proof-of-concept provided yesterday.

Justin, any thoughts on this patch? If things look good, I'm going to propose 2.61 for this weekend.

comment:4 Changed 10 years ago by jordan

  • Component changed from Transmission to Web Client

comment:5 Changed 10 years ago by MadIrish


the patch looks good to me. Mitre has assigned CVE-2012-4037 to this issue. Please let me know if I can provide any further assistance.


comment:6 Changed 10 years ago by livings124

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.