mirror
/
yt-dlp
kopia lustrzana https://github.com/yt-dlp/yt-dlp
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność
yt-dlp/devscripts
Historia
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
 		2024-04-09 18:36:13 +02:00
..
__init__.py [cleanup] Misc (#8968) 2024-03-11 00:52:28 +05:30
bash-completion.in Completely change project name to yt-dlp (#85) 2021-02-25 00:15:56 +05:30
bash-completion.py [cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30
changelog_override.json [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 2024-04-09 18:36:13 +02:00
changelog_override.schema.json [devscripts] Script to generate changelog (#6220) 2023-03-03 22:54:23 +05:30
check-porn.py [compat] Remove deprecated functions from core code 2022-06-25 00:14:12 +05:30
cli_to_api.py [cleanup] Misc 2023-06-21 09:21:20 +05:30
fish-completion.in Completely change project name to yt-dlp (#85) 2021-02-25 00:15:56 +05:30
fish-completion.py [cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30
generate_aes_testdata.py [cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30
install_deps.py [build] Optional dependencies cleanup (#9550) 2024-03-29 23:24:40 +00:00
lazy_load_template.py [extractor] Support multiple `_VALID_URL`s (#5812) 2023-06-22 03:19:55 +05:30
logo.ico Add logo and banner 2021-08-02 08:51:22 +05:30
make_changelog.py [build] Update changelog for tarball and sdist (#9425) 2024-03-14 21:10:20 +00:00
make_contributing.py [cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30
make_issue_template.py [cleanup] Misc (#8598) 2023-12-30 22:27:36 +01:00
make_lazy_extractors.py Improve plugin architecture (#5553) 2023-01-01 04:29:22 +00:00
make_readme.py [build] Automated builds and nightly releases (#6220) 2023-03-03 22:54:23 +05:30
make_supportedsites.py [devscripts] Create `utils` and refactor 2022-08-09 01:08:47 +05:30
prepare_manpage.py [docs] Various manpage fixes 2024-04-08 21:24:58 +02:00
run_tests.bat [devscripts] `run_tests`: Create Python script (#8720) 2023-12-26 18:30:04 +01:00
run_tests.py Fix 2d1d683a54 2023-12-26 20:07:09 +01:00
run_tests.sh [devscripts] `run_tests`: Create Python script (#8720) 2023-12-26 18:30:04 +01:00
set-variant.py [build, devscripts] Add devscript to set a build variant 2022-08-09 01:08:48 +05:30
tomlparse.py [cleanup] Standardize `import datetime as dt` (#8978) 2024-04-01 05:32:15 +05:30
update-version.py [cleanup] Standardize `import datetime as dt` (#8978) 2024-04-01 05:32:15 +05:30
update_changelog.py [build] Update changelog for tarball and sdist (#9425) 2024-03-14 21:10:20 +00:00
utils.py [build] Overhaul and unify release workflow 2023-11-12 18:29:19 -06:00
zsh-completion.in Completely change project name to yt-dlp (#85) 2021-02-25 00:15:56 +05:30
zsh-completion.py [cleanup] Consistent style for file heads 2022-06-25 00:08:58 +05:30