yt-dlp
Ecosystem: PyPI
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yt-dlp
- CVE-2023-35934 | MEDIUM | CVSS 6.1 | EG 6.1 | fixed in 2023.7.06 | published 2023-07-06
  vulnerable: 2021.1.15 ... 2023.6.22 (72 versions)
  yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for down…
- CVE-2023-40581 | HIGH | CVSS 8.3 | EG 8.3 | fixed in 2023.09.24 | published 2023-09-25
  vulnerable: 2021.10.10 ... 2023.7.6 (51 versions)
  yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expans…
- CVE-2023-46121 | MEDIUM | CVSS 5.0 | EG 5.0 | fixed in 2023.11.14 | published 2023-11-15
  vulnerable: 2022.10.4 ... 2023.9.24 (15 versions)
  yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary URL, allowing the attacker to MITM the request made from …
- CVE-2024-22423 | HIGH | CVSS 8.3 | EG 8.3 | fixed in 2024.04.09 | published 2024-04-09
  vulnerable: 2021.10.10 ... 2024.4.8.232708.dev0 (139 versions)
  yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not…
- CVE-2024-38519 | HIGH | CVSS 7.8 | EG 7.8 | fixed in 2024.07.01 | published 2024-07-02
  vulnerable: 2021.1.15 ... 2024.6.30.232744.dev0 (201 versions)
  `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the downl…
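The five entries above are enough to check a pinned yt-dlp version offline. The script below is an added example, not code from this site or from the yt-dlp project. It embeds the introduced and fixed versions exactly as the listing states them, reads each range with OSV semantics (affected when introduced <= installed < fixed, which is how the "vulnerable" ranges and "fixed in" versions above line up), and compares yt-dlp's date-based PEP 440 version strings without depending on the `packaging` library. The parser assumes only the version forms that appear on this page: dotted integers, optionally zero-padded, with an optional `.devN` suffix; anything else is rejected rather than guessed. The function names and the sample version in the usage call are my own choices.

```python
"""Check an installed yt-dlp version against the CVE ranges listed on this page.

Added example; not code from yt-dlp or from the listing site. The ranges below
are copied from the page's "vulnerable:" / "fixed in" fields and read with OSV
semantics: affected if introduced <= version < fixed.
"""
import re

# (CVE ID, first vulnerable version, fixed version), taken from the listing above.
CVE_RANGES = [
    ("CVE-2023-35934", "2021.1.15", "2023.7.06"),
    ("CVE-2023-40581", "2021.10.10", "2023.09.24"),
    ("CVE-2023-46121", "2022.10.4", "2023.11.14"),
    ("CVE-2024-22423", "2021.10.10", "2024.04.09"),
    ("CVE-2024-38519", "2021.1.15", "2024.07.01"),
]

# Dotted integer release, optionally followed by a ".devN" suffix (the only
# forms that occur on this page). rc/post/local tags are deliberately unsupported.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:\.?dev(\d+))?$")


def version_key(version: str):
    """Sortable key for yt-dlp's date-based PEP 440 versions.

    Zero-padded segments compare equal ("2023.7.06" == "2023.07.06"), extra
    build segments are honoured ("2024.4.8.232708" > "2024.4.8"), and a
    ".devN" suffix sorts *before* the release it precedes, so
    "2024.4.8.232708.dev0" < "2024.4.8.232708".
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = [int(part) for part in m.group(1).split(".")]
    # PEP 440: trailing zero segments are insignificant ("2023.7.0" == "2023.7").
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    dev = m.group(2)
    # Final releases rank 0; dev releases rank -1 so they sort below the final.
    return (tuple(release), 0 if dev is None else -1, int(dev) if dev else 0)


def affecting_cves(installed: str, ranges=CVE_RANGES):
    """Return the CVE IDs whose [introduced, fixed) range contains `installed`."""
    key = version_key(installed)
    return [
        cve for cve, introduced, fixed in ranges
        if version_key(introduced) <= key < version_key(fixed)
    ]


def minimum_clean_version(ranges=CVE_RANGES) -> str:
    """Lowest version that is at or above every fix on the page."""
    return max((fixed for _, _, fixed in ranges), key=version_key)


if __name__ == "__main__":
    import sys

    # Sample pin chosen for the demo; pass the output of `yt-dlp --version` instead.
    installed = sys.argv[1] if len(sys.argv) > 1 else "2023.7.6"
    hits = affecting_cves(installed)
    print(f"yt-dlp {installed}: {', '.join(hits) if hits else 'no listed CVEs'}")
    print(f"upgrade to at least {minimum_clean_version()} to clear every CVE on this page")
```

Run it with the output of `yt-dlp --version` as the argument; an empty result means none of the five listed CVEs applies, and `minimum_clean_version()` returns the lowest version (2024.07.01) that clears all of them. The dev-build handling matters for the CVE-2024-22423 range: 2024.4.8.232708.dev0 sorts below its own final release and below the 2024.04.09 fix, so it is reported as affected, matching the listing.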
Check whether yt-dlp is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for yt-dlp CVEs against the assets you own.