MarcoBuster/yt-dlp
1
0
Fork 0
mirror of https://github.com/yt-dlp/yt-dlp.git synced 2025-01-12 13:35:53 +01:00
Code Issues Projects Releases Wiki Activity
yt-dlp/yt_dlp/compat
History
Simon Sawicki ff07792676
[core] Prevent RCE when using --exec with %q (CVE-2024-22423) 
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
2024-04-09 18:36:13 +02:00
..
urllib
[docs] Misc Cleanup (#8977)
2024-03-11 00:48:47 +05:30
__init__.py
[core] Prevent RCE when using --exec with %q (CVE-2024-22423)
2024-04-09 18:36:13 +02:00
_deprecated.py
[compat] Ensure submodules are imported correctly
2023-07-22 18:10:35 +05:30
_legacy.py
[networking] Remove _CompatHTTPError (#8871)
2024-01-20 15:26:50 +13:00
compat_utils.py
[dependencies] Handle deprecation of sqlite3.version (#8167)
2023-09-21 15:58:53 +00:00
functools.py
Remove Python 3.7 support (#8361)
2023-11-16 18:39:00 +00:00
imghdr.py
[mhtml, cleanup] Use imghdr
2022-07-31 02:20:12 +05:30
shutil.py
[compat] Fix shutils.move in restricted ACL mode on BSD (#5309)
2022-11-07 20:54:30 +05:30
types.py
Fix e0c4db04dc82a699bdabd9821ddc239ebe17d30a for pypy
2023-07-22 10:17:36 +05:30