Lucene search
+L

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2412

Malicious code in bioql PyPI...

8.3CVSS7.8AI score0.01292EPSS
Exploits1References7
NVD
NVD
added 2024/04/09 6:15 p.m.40 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8CVSS8AI score0.01254EPSS
Exploits1References7
CVE
CVE
added 2024/04/09 5:22 p.m.77 views

CVE-2024-22423

VULNERABILITY DETAIL: CVE-2024-22423 affects yt-dlp where output template expansion in --exec (previously vulnerable with %q) could lead to remote command execution via environment-variable expansion. Root cause: insufficient escaping of % characters in Windows command lines, despite earlier fixe...

9.8CVSS7.9AI score0.01254EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2024/04/09 5:22 p.m.41 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8CVSS7.5AI score0.01254EPSS
Exploits1
Prion
Prion
added 2023/09/25 7:15 p.m.28 views

Remote code execution

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

4.4CVSS8.1AI score0.01292EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2023/09/25 6:54 p.m.63 views

CVE-2023-40581 yt-dlp command injection when using `%q` in `--exec` on Windows

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

8.3CVSS8.9AI score0.01292EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2023/09/25 6:54 p.m.62 views

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

8.3CVSS8.4AI score0.01292EPSS
Exploits1
OSV
OSV
added 2023/09/25 5:33 p.m.34 views

GHSA-42H4-V29R-42QG yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`

Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combine...

8.3CVSS8.2AI score0.01292EPSS
Exploits2References7
Rows per page
Query Builder