CVE-2024-1651: Deserialization of Untrusted Data in Torrentpier

February 20, 2024 (updated February 12, 2025)

Torrentpier version 2.4.1 allows executing arbitrary commands on the server.

This is possible because the application is vulnerable to insecure deserialization.

References

fluidattacks.com/advisories/xavi
github.com/advisories/GHSA-5rwm-2xw8-hh9p
github.com/torrentpier/torrentpier
nvd.nist.gov/vuln/detail/CVE-2024-1651

Code Behaviors & Features

Detect and mitigate CVE-2024-1651 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →