diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2024-04-10 08:05:44 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-04-10 08:05:44 +0200 |
commit | 2898b65c9ebba804a9aa88c2d465620bfb83e1e4 (patch) | |
tree | 09735bdf5b20c34b5aba576150f1d8a92565698e /data | |
parent | 9cc973373e2d4acc6f3e3228b57eea5798949693 (diff) |
Add CVE-2024-22423/yt-dlp
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1995ff5bfb..9594ecc08b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -544,7 +544,11 @@ CVE-2024-23671 (A improper limitation of a pathname to a restricted directory (' CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...) NOT-FOR-US: FortiGuard CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...) - TODO: check + - yt-dlp <not-affected> (Windows-specific) + NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p + NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a (2024.04.09) + NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09 + NOTE: Issue exists because of incomplete fix to address CVE-2023-40581 CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: FortiGuard CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...) |