Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
Vulnerability Description
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Bluegrams YoutubeDLSharp 安全漏洞
Vulnerability Description
Bluegrams YoutubeDLSharp是Bluegrams公司的一个youtube-dl和yt-dlp的简单.NET包装库。 Bluegrams YoutubeDLSharp 1.0.0-beta4版本至1.1.2之前版本存在安全漏洞,该漏洞源于参数转换不安全,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A