2 matches found
aij (>=1.0.14 <=1.2.10), aiotube (>=1.2.0 <=1.2.2) +357 more potentially affected by unknown CVE via youtube-dl (>=2015.9.22 <=2021.6.6)
youtube-dl PYPI version =2015.9.22, =1.0.14, =1.2.0, =0.0.1, =1.3.0, =0.1.0, =0.0.4, =0.0.1b1, =2.1.2, =0.4.6, =1.0.3, =0.0.2, =0.0.3 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-YOUTUBEDL-10116724...
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
Description This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...