GHSA-22fp-mf44-f2mq: youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
(updated )
This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project.
References
- github.com/advisories/GHSA-22fp-mf44-f2mq
- github.com/dirkf/youtube-dl
- github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq
- github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
- github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec
- github.com/ytdl-org/youtube-dl/pull/32830
- nvd.nist.gov/vuln/detail/CVE-2024-38519
- securitylab.github.com/advisories/GHSL-2024-089_youtube-dl
Code Behaviors & Features
Detect and mitigate GHSA-22fp-mf44-f2mq with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →