Debian Yt-Dlp vulnerabilities

CVE-2026-26331 [HIGH] CVE-2026-26331: yt-dlp - yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 ... yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. yt-dlp maintainers assume the impact of this vulnerabi

CVE-2025-54072 [HIGH] CVE-2025-54072: yt-dlp - yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.0... yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the mitigation for CVE-2024-22423 where the default placeholder and {} wer

CVE-2024-38519 [HIGH] CVE-2024-38519: youtube-dl - `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the... `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on

CVE-2024-22423 [HIGH] CVE-2024-22423: yt-dlp - yt-dlp is a youtube-dl fork with additional features and fixes. The patch that a... yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with th

CVE-2023-35934 [MEDIUM] CVE-2023-35934: youtube-dl - yt-dlp is a command-line program to download videos from video sites. During fil... yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06

CVE-2023-46121 [MEDIUM] CVE-2023-46121: yt-dlp - yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extr... yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `

CVE-2023-40581 [HIGH] CVE-2023-40581: yt-dlp - yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows th... yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q`