https://www.cvedetails.com/cve/CVE-2018-5702/ The exploit is patched in 2.93, and by a patch by Tavis Ormandy here: https://github.com/transmission/transmission/pull/468
Lots of trackers are banning this version of transmission, please update to latest version.
A commit references this bug: Author: crees Date: Wed Feb 28 21:09:37 UTC 2018 New revision: 463262 URL: https://svnweb.freebsd.org/changeset/ports/463262 Log: net-p2p/transmission-cli: Update to 2.93 - Includes DNS rebinding fix - Fixes OpenSSL 1.1 compat Note that the previous version was no longer vulnerable as FreeBSD had patches, but this reports the correct version to trackers as some were banned. PR: ports/225917 PR: ports/225915 Changes: head/net-p2p/transmission/Makefile head/net-p2p/transmission-cli/Makefile head/net-p2p/transmission-cli/distinfo head/net-p2p/transmission-cli/files/patch-fix_dns_rebinding_vuln head/net-p2p/transmission-daemon/Makefile head/net-p2p/transmission-gtk/Makefile head/net-p2p/transmission-qt4/Makefile head/net-p2p/transmission-qt5/Makefile head/www/transmission-web/Makefile
Committed. Bernard, sorry I forgot to credit you; I had actually done this work myself and was testing, but you still deserve credit. I'll follow up to the commit email.