yt-dlp/yt_dlp
Simon Sawicki de015e9307
[core] Prevent RCE when using --exec with %q (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
2023-09-24 02:29:01 +02:00
..
__pyinstaller [build] Make sure deprecated modules are added 2023-07-15 16:47:55 +05:30
compat [core] Prevent RCE when using --exec with %q (CVE-2023-40581) 2023-09-24 02:29:01 +02:00
dependencies [dependencies] Handle deprecation of sqlite3.version (#8167) 2023-09-21 15:58:53 +00:00
downloader [cleanup] Misc fixes 2023-07-22 09:09:52 +05:30
extractor [ie/nfl.com:plus:replay] Fix extractor (#7838) 2023-09-23 23:47:14 +00:00
networking [cleanup] Misc (#8182) 2023-09-23 20:00:31 +00:00
postprocessor [core] Prevent RCE when using --exec with %q (CVE-2023-40581) 2023-09-24 02:29:01 +02:00
utils [core] Prevent RCE when using --exec with %q (CVE-2023-40581) 2023-09-24 02:29:01 +02:00
__init__.py [compat, networking] Deprecate old functions (#2861) 2023-07-15 16:18:35 +05:30
__main__.py [cleanup] Misc 2022-11-11 15:48:29 +05:30
aes.py [dependencies] Simplify Cryptodome 2023-02-28 23:15:13 +05:30
cache.py [cleanup] Misc 2023-02-17 17:52:22 +05:30
casefold.py Update to ytdl-commit-07af47 2023-06-21 09:21:23 +05:30
cookies.py [cookies] Containers JSON should be opened as utf-8 (#7800) 2023-08-12 21:30:23 +00:00
jsinterp.py Update to ytdl-commit-07af47 2023-06-21 09:21:23 +05:30
minicurses.py [docs] Consistent use of e.g. (#4643) 2022-08-14 17:34:13 +05:30
options.py Improve --download-sections 2023-06-22 13:03:07 +05:30
plugins.py [plugins] Don't look in .egg directories 2023-02-28 23:14:37 +05:30
socks.py [networking] Fix various socks proxy bugs (#8065) 2023-09-18 07:33:26 +00:00
update.py [core] Raise minimum recommended Python version to 3.8 (#8183) 2023-09-24 02:24:47 +02:00
version.py Release 2023.07.06 2023-07-06 18:57:59 +00:00
webvtt.py [webvtt] Handle premature EOF 2022-11-20 14:14:42 +05:30
YoutubeDL.py [core] Raise minimum recommended Python version to 3.8 (#8183) 2023-09-24 02:24:47 +02:00