Archives
/
yt-dlp
mirror of https://github.com/yt-dlp/yt-dlp
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release
gh-pages
2021.01.07
2021.01.07-1
2021.01.08
2021.01.09
2021.01.10
2021.01.12
2021.01.14
2021.01.16
2021.01.20
2021.01.24
2021.01.24-1
2021.01.29
2021.02.04
2021.02.09
2021.02.15
2021.02.19
2021.02.24
2021.03.01
2021.03.03
2021.03.03.2
2021.03.07
2021.03.15
2021.03.21
2021.03.24
2021.03.24.1
2021.04.03
2021.04.11
2021.04.22
2021.05.11
2021.05.20
2021.06.01
2021.06.08
2021.06.09
2021.06.23
2021.07.07
2021.07.21
2021.07.24
2021.08.02
2021.08.10
2021.09.01
2021.09.02
2021.09.25
2021.10.09
2021.10.10
2021.10.22
2021.11.10
2021.11.10.1
2021.12.01
2021.12.25
2021.12.27
2022.01.21
2022.02.03
2022.02.04
2022.03.08
2022.03.08.1
2022.04.08
2022.05.18
2022.06.22
2022.06.22.1
2022.06.29
2022.07.18
2022.08.08
2022.08.14
2022.08.18.36
2022.08.19
2022.09.01
2022.10.04
2022.11.11
2023.01.02
2023.01.06
2023.02.17
2023.03.03
2023.03.04
2023.06.21
2023.06.22
2023.07.06
2023.09.24
2023.10.07
2023.10.13
2023.11.14
2023.11.16
2023.12.30
2024.03.10
2024.04.09
2024.05.26
2024.05.27
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4392c4680c'
${ noResults }
yt-dlp/yt_dlp/utils
History
Simon Sawicki de015e9307
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
 		8 months ago
..
__init__.py [compat] Ensure submodules are imported correctly 10 months ago
_deprecated.py [compat, networking] Deprecate old functions (#2861) 11 months ago
_legacy.py [networking] Remove dot segments during URL normalization (#7662) 10 months ago
_utils.py [core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581) 8 months ago
networking.py [utils] HTTPHeaderDict: Handle byte values 10 months ago
traversal.py [cleanup, utils] Split into submodules (#7090) 1 year ago