12 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-35934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak...
openSUSE: Security Advisory for yt (openSUSE-SU-2023:0374-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for youtube-dl (FEDORA-2023-1f11546a48)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : youtube-dl (2023-1f11546a48)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1f11546a48 advisory. Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability. Tenable has extracted the preceding description blo...
Fedora: Security Advisory for yt-dlp (FEDORA-2023-79e2b35ba6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : yt-dlp (2023-79e2b35ba6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79e2b35ba6 advisory. Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj. ---- Update to 2023.06.22. Fixes rhbz2216612. ---- Update to 2023.06.21. Fixes...
Fedora 38 : yt-dlp (2023-9f3938e10d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9f3938e10d advisory. Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj Tenable has extracted the preceding description block directly from the Fedora security...
africanwhisper (>=0.2.8 <=0.9.0), agentx-tools (>=0.2.0 <=0.7.1) +70 more potentially affected by CVE-2023-35934 via yt-dlp (>=2021.9.2 <=2023.6.22)
yt-dlp PYPI version =2021.9.2, =0.2.8, =0.2.0, =2023.3.3, =0.1.0, =0.3.0, =0.0.4, =1.4.0, =0.1.0, =1.0.2, =2.0.0a1, =11.7.1, =2.3.10, =3.0.1 and more Source cves: CVE-2023-35934 Source advisory: OSV:GHSA-V8MC-9377-RWJJ...
GHSA-V8MC-9377-RWJJ yt-dlp File Downloader cookie leak
Impact During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in all versions of...
CVE-2023-35934
CVE-2023-35934 affects yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. The issue: during file downloads, yt-dlp or its external downloaders may leak cookies by sending them as a Cookie header, including in the info JSON, causing cookies to be sent to domains/paths not scoped. All native...
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...
CVE-2023-35934 yt-dlp File Downloader cookie leak
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...