VDB

GCVE-110-MAGEIA-2019-379

GCVE-110-MAGEIA-2019-379
Advisory Published
Vulnetix · Advisory published December 13, 2019
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed (CVE-2019-13640). The qbittorrent package has been updated to version 4.1.9.1, fixing this issue and several others.

Affected Products

VendorProductVersionsPlatforms
Mageiaqbittorrent4.1.9.1-1.mga7 (unaffected), 0 (affected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›