3 matches found
Command Injection
youtubedlsharp is vulnerable to Command Injection. The vulnerability is due to unsafe argument conversion where the UseWindowsEncodingWorkaround being enabled by default, allowing malicious commands to be injected when starting yt-dlp on Windows...
CVE-2025-43858
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...
GHSA-2JH5-G5CH-43Q5 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Summary This vulnerability only apply when running on a Windows OS. An unsafe conversion of arguments allows the injection of a malicous commands when starting yt-dlp from a commands prompt. !CAUTION NOTE THAT DEPENDING ON THE CONTEXT AND WHERE THE LIBRARY IS USED, THIS MAY HAVE MORE SEVERE...