Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-22423

Disclosure Date: April 09, 2024 •

CVE-2024-22423

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, along with this vulnerable behavior, was added to yt-dlp in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping %. It replaces them with %%cd:~,%, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in --exec other than {} (filepath); if expansion in --exec is needed, verify the fields you are using do not contain ", | or &; and/or instead of using --exec, write the info json and load the fields from it instead.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

yt-dlp

Products

yt-dlp

References

Canonical

CVE-2024-22423 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22423)

Miscellaneous

https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p

https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg

https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e

https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a

https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11

https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09

https://www.kb.cert.org/vuls/id/123335

Rapid7

Unknown

CVE-2024-22423

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-22423

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-22423

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-22423

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification