hoelee/yt-dlp
1
0
Fork 0
mirror of https://github.com/yt-dlp/yt-dlp.git synced 2025-08-09 13:39:40 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

[core] Disallow unsafe extensions (CVE-2024-38519)

Browse Source 
Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j

Authored by: Grub4K
This commit is contained in:
Simon Sawicki
2024-07-02 00:52:50 +02:00
parent 6aaf96a3d6
commit 5ce582448e
7 changed files with 179 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
devscripts/changelog_override.json
View File

@@ -175,5 +175,10 @@
"when": "e6a22834df1776ec4e486526f6df2bf53cb7e06f",
"short": "[ie/orf:on] Add `prefer_segments_playlist` extractor-arg (#10314)",
"authors": ["seproDev"]
},
{
"action": "add",
"when": "6aaf96a3d6e7d0d426e97e11a2fcf52fda00e733",
"short": "[priority] Security: [[CVE-2024-10123](https://nvd.nist.gov/vuln/detail/CVE-2024-10123)] [Properly sanitize file-extension to prevent file system modification and RCE](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j)\n - Unsafe extensions are now blocked from being downloaded"
}
]