Archives
/
yt-dlp
mirror of https://github.com/yt-dlp/yt-dlp
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release
gh-pages
2021.01.07
2021.01.07-1
2021.01.08
2021.01.09
2021.01.10
2021.01.12
2021.01.14
2021.01.16
2021.01.20
2021.01.24
2021.01.24-1
2021.01.29
2021.02.04
2021.02.09
2021.02.15
2021.02.19
2021.02.24
2021.03.01
2021.03.03
2021.03.03.2
2021.03.07
2021.03.15
2021.03.21
2021.03.24
2021.03.24.1
2021.04.03
2021.04.11
2021.04.22
2021.05.11
2021.05.20
2021.06.01
2021.06.08
2021.06.09
2021.06.23
2021.07.07
2021.07.21
2021.07.24
2021.08.02
2021.08.10
2021.09.01
2021.09.02
2021.09.25
2021.10.09
2021.10.10
2021.10.22
2021.11.10
2021.11.10.1
2021.12.01
2021.12.25
2021.12.27
2022.01.21
2022.02.03
2022.02.04
2022.03.08
2022.03.08.1
2022.04.08
2022.05.18
2022.06.22
2022.06.22.1
2022.06.29
2022.07.18
2022.08.08
2022.08.14
2022.08.18.36
2022.08.19
2022.09.01
2022.10.04
2022.11.11
2023.01.02
2023.01.06
2023.02.17
2023.03.03
2023.03.04
2023.06.21
2023.06.22
2023.07.06
2023.09.24
2023.10.07
2023.10.13
2023.11.14
2023.11.16
2023.12.30
2024.03.10
2024.04.09
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9ce57d9bf'
${ noResults }
yt-dlp/yt_dlp/utils
History
Simon Sawicki ff07792676
[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 
The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details.

Authored by: Grub4K
 		1 month ago
..
__init__.py [compat] Ensure submodules are imported correctly 10 months ago
_deprecated.py [compat, networking] Deprecate old functions (#2861) 10 months ago
_legacy.py [cleanup] Misc (#8968) 2 months ago
_utils.py [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) 1 month ago
networking.py [networking] Strip whitespace around header values (#8802) 5 months ago
progress.py [fd/fragment] Improve progress calculation (#8241) 7 months ago
traversal.py [utils] `traverse_obj`: Convenience improvements (#9577) 2 months ago