You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
yt-dlp/yt_dlp
Simon Sawicki de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
1 year ago
..
__pyinstaller [build] Make sure deprecated modules are added 1 year ago
compat [core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 1 year ago
dependencies [dependencies] Handle deprecation of `sqlite3.version` (#8167) 1 year ago
downloader [cleanup] Misc fixes 1 year ago
extractor [ie/nfl.com:plus:replay] Fix extractor (#7838) 1 year ago
networking [cleanup] Misc (#8182) 1 year ago
postprocessor [core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 1 year ago
utils [core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 1 year ago
YoutubeDL.py [core] Raise minimum recommended Python version to 3.8 (#8183) 1 year ago
__init__.py [compat, networking] Deprecate old functions (#2861) 1 year ago
__main__.py [cleanup] Misc 2 years ago
aes.py [dependencies] Simplify `Cryptodome` 2 years ago
cache.py [cleanup] Misc 2 years ago
casefold.py Update to ytdl-commit-07af47 1 year ago
cookies.py [cookies] Containers JSON should be opened as utf-8 (#7800) 1 year ago
jsinterp.py Update to ytdl-commit-07af47 1 year ago
minicurses.py
options.py Improve `--download-sections` 1 year ago
plugins.py [plugins] Don't look in `.egg` directories 2 years ago
socks.py [networking] Fix various socks proxy bugs (#8065) 1 year ago
update.py [core] Raise minimum recommended Python version to 3.8 (#8183) 1 year ago
version.py Release 2023.07.06 1 year ago
webvtt.py [webvtt] Handle premature EOF 2 years ago