Debian Youtube-Dl vulnerabilities
2 known vulnerabilities affecting debian/youtube-dl.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2024-38519 | LOW | CVSS 7.8 | fixed in yt-dlp 2024.07.01-1 (forky) | 2024
CVE-2024-38519 [HIGH]: youtube-dl
`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on
debian
CVE-2023-35934 | MEDIUM | CVSS 6.1 | fixed in yt-dlp 2023.07.06-1 (forky) | 2023
CVE-2023-35934 [MEDIUM]: youtube-dl
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06
debian