Veracode Vulnerability DatabaseVERACODE:47876Path Traversal
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.2%
yt-dlp is vulnerable to Path Traversal. The vulnerability is due to unrestricted file extensions of downloaded files resulting in arbitrary filenames and path traversal on Windows, which could allows an attacker to execute arbitrary code.
References
github.com/advisories/GHSA-79w7-vh3h-8g4j
github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01
github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec
github.com/ytdl-org/youtube-dl/pull/32830
securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/
securitylab.github.com/advisories/GHSL-2024-090_yt-dlp
securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.2%