MarcoBuster/yt-dlp
1
0
Fork 0
mirror of https://github.com/yt-dlp/yt-dlp.git synced 2025-01-12 13:35:53 +01:00
Code Issues Projects Releases Wiki Activity
yt-dlp/yt_dlp/postprocessor
History
Simon Sawicki de015e9307
[core] Prevent RCE when using --exec with %q (CVE-2023-40581) 
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
2023-09-24 02:29:01 +02:00
..
__init__.py
Improve plugin architecture (#5553)
2023-01-01 04:29:22 +00:00
common.py
[compat, networking] Deprecate old functions (#2861)
2023-07-15 16:18:35 +05:30
embedthumbnail.py
[pp/EmbedThumbnail] Support m4v (#7583)
2023-07-14 02:09:21 +05:30
exec.py
[core] Prevent RCE when using --exec with %q (CVE-2023-40581)
2023-09-24 02:29:01 +02:00
ffmpeg.py
[FFmpegFixupM3u8PP] Check audio codec before fixup (#6778)
2023-04-13 19:21:09 +00:00
metadataparser.py
[cleanup] Misc
2023-02-17 17:52:22 +05:30
modify_chapters.py
[postprocessor] Fix chapters if duration is not extracted (#6037)
2023-03-08 13:10:19 +00:00
movefilesafterdownload.py
[compat] Fix shutils.move in restricted ACL mode on BSD (#5309)
2022-11-07 20:54:30 +05:30
sponskrub.py
[utils] Popen: Refactor to use contextmanager
2022-06-16 06:23:50 +05:30
sponsorblock.py
[cleanup Misc
2022-10-18 23:52:44 +05:30
xattrpp.py
[cleanup] Minor fixes (See desc)
2022-05-09 17:59:26 +05:30