CVE-2024-38519HIGHCVSS 7.8≥ >= 2015.01.25, ≤ 2021.12.17·≥ nightly, < 2024-07-032024-07-02
CVE-2024-38519 [HIGH] CWE-669 CVE-2024-38519: `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt
`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working direc
nvd