2021.12.17
12 years ago
3 years ago
Known vulnerabilities in the youtube_dl package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
youtube_dl is a YouTube video downloader. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via improper file extension sanitization, which could create arbitrary filenames in the download folder (and path traversal on Windows). An attacker can modify the file system and execute arbitrary code by crafting malicious filenames that bypass security checks. How to fix Incorrect Resource Transfer Between Spheres? A fix was pushed into the | [2015.01.25,) |
youtube_dl is a YouTube video downloader. Affected versions of this package are vulnerable to Information Exposure. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. How to fix Information Exposure? There is no fixed version for | [2015.01.25,) |