Veracode Vulnerability DatabaseVERACODE:41231Information Disclosure
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
47.8%
yt_dlp is vulnerable to Information Disclosure. The vulnerability exists because the cookie headers are not properly handled on HTTP redirect which allows an attacker to gain access to sensitive cookie details on unrelated sites.
References
github.com/advisories/GHSA-v8mc-9377-rwjj
github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519
github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06
github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
lists.fedoraproject.org/archives/list/[email protected]/message/5X6YT6AQE5FHM5VTQLKKJXSYBLLJF26W/
lists.fedoraproject.org/archives/list/[email protected]/message/HEOKCGVONGHR2SYUIXU33A4MKXZBDP6L/
lists.fedoraproject.org/archives/list/[email protected]/message/IM44RJL2MR2WG3ZY354C5IUEEZUJGEVA/
lists.fedoraproject.org/archives/list/[email protected]/message/M7E7CQ5S5KMZHAMCNU7V7KYNBVCPLBHG/
Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
47.8%