yt-dlp

History

Simon Sawicki ff07792676 [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K		12 months ago
..
urllib	[docs] Misc Cleanup (#8977 )	1 year ago
__init__.py	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	12 months ago
_deprecated.py	[compat] Ensure submodules are imported correctly	2 years ago
_legacy.py	[networking] Remove `_CompatHTTPError` (#8871 )	1 year ago
compat_utils.py	[dependencies] Handle deprecation of `sqlite3.version` (#8167 )	2 years ago
functools.py	Remove Python 3.7 support (#8361 )	1 year ago
imghdr.py	[mhtml, cleanup] Use imghdr	3 years ago
shutil.py	[compat] Fix `shutils.move` in restricted ACL mode on BSD (#5309 )	2 years ago
types.py	Fix `e0c4db04dc` for pypy	2 years ago