yt-dlp

mirror of https://github.com/yt-dlp/yt-dlp.git synced 2025-03-03 03:11:43 +00:00

History

Simon Sawicki ff07792676 [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K		2024-04-09 18:36:13 +02:00
..
urllib
__init__.py	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	2024-04-09 18:36:13 +02:00
_deprecated.py	[compat] Ensure submodules are imported correctly	2023-07-22 18:10:35 +05:30
_legacy.py
compat_utils.py
functools.py
imghdr.py
shutil.py	[compat] Fix `shutils.move` in restricted ACL mode on BSD (#5309 )	2022-11-07 20:54:30 +05:30
types.py