11 matches found
Command Injection
youtubedlsharp is vulnerable to Command Injection. The vulnerability is due to unsafe argument conversion where the UseWindowsEncodingWorkaround being enabled by default, allowing malicious commands to be injected when starting yt-dlp on Windows...
CVE-2025-43858
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
CVE-2025-43858
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
CVE-2025-43858 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
CVE-2025-43858 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
CVE-2025-43858 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
CVE-2025-43858
The CVE-2025-43858 issue affects YoutubeDLSharp where an unsafe conversion of arguments when launching yt-dlp on Windows (UseWindowsEncodingWorkaround = true by default) allows command injection. Affected versions are from 1.0.0-beta4 up to just before 1.1.2; the vulnerability occurs when argumen...
Bluegrams YoutubeDLSharp 安全漏洞
Bluegrams YoutubeDLSharp is a simple .NET wrapper library for youtube-dl and yt-dlp from Bluegrams. A security vulnerability exists in Bluegrams YoutubeDLSharp version 1.0.0-beta4 through versions prior to 1.1.2, which stems from an insecure parameter transformation that could lead to command...
Command Injection
Overview YoutubeDLSharp is a simple .NET wrapper library for youtube-dl and yt-dlp. Affected versions of this package are vulnerable to Command Injection due to improper sanitization of command line arguments. An attacker can execute arbitrary commands by injecting malicious input into the comman...
GHSA-2JH5-G5CH-43Q5 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Summary This vulnerability only apply when running on a Windows OS. An unsafe conversion of arguments allows the injection of a malicous commands when starting yt-dlp from a commands prompt. !CAUTION NOTE THAT DEPENDING ON THE CONTEXT AND WHERE THE LIBRARY IS USED, THIS MAY HAVE MORE SEVERE...
PT-2025-17849 · Yt-Dlp +1 · Yt-Dlp +1
Name of the Vulnerable Software and Affected Versions: YoutubeDLSharp versions 1.0.0-beta4 through 1.1.2 Description: The issue is related to an unsafe conversion of arguments, allowing the injection of malicious commands when starting yt-dlp from a command prompt on Windows OS with the...