Lucene search
+L

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-22423

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by...

9.8CVSS7.4AI score0.01292EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 4: yt-dlp (TSSA-2024:1138)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1138 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS7.7AI score0.01292EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2024/04/11 2:31 a.m.4 views

SUSE CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8CVSS7.1AI score0.01254EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/04/10 5:7 p.m.68 views

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

9.8CVSS7.6AI score0.01254EPSS
Exploits1References9Affected Software1
vulnersOsv
vulnersOsv
added 2024/04/10 5:7 p.m.7 views

africanwhisper (>=0.2.8 <=0.9.0), agentx-tools (>=0.2.0 <=0.7.1) +114 more potentially affected by CVE-2024-22423 via yt-dlp (>=2021.9.2 <=2024.3.10)

yt-dlp PYPI version =2021.9.2, =0.2.8, =0.2.0, =2023.3.3, =0.1.0, =0.3.0, =0.1.0, =0.0.4, =0.9.0, =0.1.0, =1.4.0, =2024.3.25, =1.1.1, =0.1.0, =0.3.2 and more Source cves: CVE-2024-22423 Source advisory: OSV:GHSA-HJQ6-52GW-2G7P...

9.8CVSS7.5AI score0.01254EPSS
Exploits1
CERT
CERT
added 2024/04/10 12:0 a.m.107 views

Multiple programming languages fail to escape arguments properly in Microsoft Windows

Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Window...

10CVSS9.2AI score0.32568EPSS
Exploits14References8
UbuntuCve
UbuntuCve
added 2024/04/09 6:15 p.m.48 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8CVSS7AI score0.01254EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/04/09 5:22 p.m.23 views

CVE-2024-22423 yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

8.3CVSS7AI score0.01254EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/04/09 5:22 p.m.51 views

CVE-2024-22423 yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

8.3CVSS8.5AI score0.01254EPSS
Exploits1References7
CVE
CVE
added 2024/04/09 5:22 p.m.77 views

CVE-2024-22423

VULNERABILITY DETAIL: CVE-2024-22423 affects yt-dlp where output template expansion in --exec (previously vulnerable with %q) could lead to remote command execution via environment-variable expansion. Root cause: insufficient escaping of % characters in Windows command lines, despite earlier fixe...

9.8CVSS7.9AI score0.01254EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2024/04/09 5:22 p.m.22 views

CVE-2024-22423 yt-dlp `--exec` command injection when using `%q` in yt-dlp on Windows

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

8.3CVSS8.1AI score0.01254EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2023/09/25 5:33 p.m.10 views

africanwhisper (>=0.2.8 <=0.9.0), agentx-tools (>=0.2.0 <=0.7.1) +74 more potentially affected by CVE-2023-40581 +1 more via yt-dlp (>=2021.9.2 <=2023.7.6)

yt-dlp PYPI version =2021.9.2, =0.2.8, =0.2.0, =2023.3.3, =0.1.0, =0.3.0, =0.0.4, =1.4.0, =0.1.0, =1.0.2, =2.0.0a1, =11.7.1, =2.3.10, =3.0.1 and more Source cves: CVE-2023-40581, CVE-2024-22423 Source advisory: OSV:GHSA-42H4-V29R-42QG...

9.8CVSS7.3AI score0.01292EPSS
Exploits2
Rows per page
Query Builder