rudloff/alltube is vulnerable to server-side request forgery (SSRF). An attacker can pass malicious parameters that are fed directly into the youtube-dl command, allowing the attacker to perform malicious redirects and internal port scanning, obtain sensitive information about services on localhost, and send requests to them.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | rudloff/alltube | le | 3.0.1 |
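
One way to screen a user-supplied URL before it is handed to youtube-dl, shown as an added example that is not AllTube's code or its actual fix. The names `check_media_url`, `resolve_host` and `build_argv` are hypothetical, and the sample inputs are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host):
    """Default resolver: every address the host name maps to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def check_media_url(url, resolver=resolve_host):
    """Return (ok, reason) for a user-supplied URL before youtube-dl sees it."""
    if url.startswith("-"):
        return False, "value would be parsed as a command-line option"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "no host in URL"
    try:
        addresses = resolver(host)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    # Every resolved address must be public: a single internal record is
    # enough to reach loopback, private-range or link-local services.
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if not ip.is_global:
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


def build_argv(url):
    """argv list for subprocess (no shell); '--' ends option parsing."""
    return ["youtube-dl", "--dump-single-json", "--", url]


if __name__ == "__main__":
    # Constructed sample inputs; literal IPs need no DNS lookup.
    for sample in ("http://127.0.0.1:8080/", "http://10.0.0.5/",
                   "file:///etc/passwd", "--version", "https://8.8.8.8/v"):
        print(sample, "->", check_media_url(sample))
```

A check on the submitted URL does not cover redirects followed during the fetch or a DNS answer that changes between the check and the request. Pair it with egress filtering on the host that runs youtube-dl.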