yt-dlp@2021.4.11 vulnerabilities
A feature-rich command-line audio/video downloader
-
latest version
2024.11.27.232921.dev0
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
a day ago
-
licenses detected
- [2021.1.15,2024.2.13.232701.dev0)
Direct Vulnerabilities
Known vulnerabilities in the yt-dlp package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Directory Traversal in the Note: This vulnerability is only exploitable on Windows. How to fix Directory Traversal? Upgrade |
[,2024.7.1)
|
yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to OS Command Injection due to insufficient escaping of double quotes in the How to fix OS Command Injection? Upgrade |
[2021.4.11,2024.4.9)
|
yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to OS Command Injection due to improper escaping of special characters in the Note:
This is only exploitable if How to fix OS Command Injection? Upgrade |
[2021.4.11,2023.9.24)
|
yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Information Exposure. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. How to fix Information Exposure? Upgrade |
[,2023.7.6)
|
yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,2023.2.17)
|