Lucene search
K

5 matches found

Rosalinux
Rosalinux
added 2025/01/28 12:37 p.m.9 views

Advisory ROSA-SA-2025-2614

software: yt-dlp 2023.09.24 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.09.24-1 CVE-ID: CVE-2023-46121 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in yt-dlp allows an attacker to perform a MITM attack and gain access to a cookie. CVE-STATUS: The vulnerability has been resolved...

5CVSS6.9AI score0.00318EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.35 views

openSUSE: Security Advisory for yt (openSUSE-SU-2023:0374-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.2AI score0.01038EPSS
Exploits0References2
OSV
OSV
added 2023/11/15 2:48 p.m.23 views

GHSA-3CH3-JHC6-5R8X yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection

Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...

5CVSS4.8AI score0.00318EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/11/15 2:48 p.m.4 views

africanwhisper (=0.2.8), basketcase (>=1.0.5 <=3.1.1) +22 more potentially affected by CVE-2023-46121 via yt-dlp (>=2022.10.4 <=2023.10.7)

yt-dlp PYPI version =2022.10.4, =1.0.5, =0.3.0, =0.1.2, =0.3.1, =0.4.0, =0.7.0, =0.9.42, =0.14.0, =4.0.0, =1.0.5, =2022.12.4, =2023.4.15 and more Source cves: CVE-2023-46121 Source advisory: OSV:GHSA-3CH3-JHC6-5R8X...

5CVSS5.8AI score0.00318EPSS
Exploits0
CVE
CVE
added 2023/11/14 11:31 p.m.70 views

CVE-2023-46121

CVE-2023-46121 – yt-dlp Generic Extractor MitM vulnerability affects the yt-dlp project (a fork of youtube-dl) where the Generic Extractor could be fed an arbitrary proxy via a crafted URL, enabling a man-in-the-middle on the HTTP session and potential cookie exfiltration. Technical details acros...

5CVSS4.9AI score0.00318EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder