mirror
/
yt-dlp
kopia lustrzana https://github.com/yt-dlp/yt-dlp
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność
yt-dlp/yt_dlp/compat
Historia
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
 		2024-04-09 18:36:13 +02:00
..
urllib
__init__.py [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 2024-04-09 18:36:13 +02:00
_deprecated.py
_legacy.py
compat_utils.py
functools.py
imghdr.py
shutil.py
types.py