You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
yt-dlp/yt_dlp/compat
Simon Sawicki de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
1 year ago
..
urllib [cleanup] Misc (#8182) 1 year ago
__init__.py [core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 1 year ago
_deprecated.py [compat] Ensure submodules are imported correctly 1 year ago
_legacy.py [cleanup] Misc fixes 1 year ago
compat_utils.py [dependencies] Handle deprecation of `sqlite3.version` (#8167) 1 year ago
functools.py Bugfix for 3a408f9d19 3 years ago
imghdr.py [mhtml, cleanup] Use imghdr 2 years ago
shutil.py [compat] Fix `shutils.move` in restricted ACL mode on BSD (#5309) 2 years ago
types.py Fix e0c4db04dc for pypy 1 year ago