yt-dlp

mirror of https://github.com/yt-dlp/yt-dlp.git synced 2025-10-27 12:40:59 +00:00

History

Simon Sawicki ff07792676 [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K		2024-04-09 18:36:13 +02:00
..
__init__.py	[compat] Ensure submodules are imported correctly	2023-07-22 18:10:35 +05:30
_deprecated.py	[compat, networking] Deprecate old functions (#2861 )	2023-07-15 16:18:35 +05:30
_legacy.py	[cleanup] Misc (#8968 )	2024-03-11 00:52:28 +05:30
_utils.py	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	2024-04-09 18:36:13 +02:00
networking.py	[networking] Strip whitespace around header values (#8802 )	2023-12-20 19:15:38 +13:00
progress.py	[fd/fragment] Improve progress calculation (#8241 )	2023-10-08 02:01:01 +02:00
traversal.py	[utils] `traverse_obj`: Convenience improvements (#9577 )	2024-04-01 02:12:03 +02:00