CVE-2024-38519
PUBLISHED
CVSS 7.8 HIGH
yt-dlp File system modification and RCE through improper file-extension sanitization
EPSS 0.04% · 14.2th percentile
Risk Scores
CVSS v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.04%
14.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ytdl-org | youtube-dl | >= 2015.01.25, * |
| yt-dlp | yt-dlp | < 2024.07.01 |
| PyPI | yt-dlp | 0 |
| yt-dlp_project | yt-dlp | 0 |
Timeline
- Jan 20, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- Jul 2, 2024 CVE Published
- Jul 3, 2024 EPSS Score
- Jul 25, 2024 EPSS Score
- Aug 16, 2024 EPSS Score
- Sep 8, 2024 EPSS Score
- Sep 30, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 13, 2024 EPSS Score
- Dec 6, 2024 EPSS Score
References
- https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j url
- https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a url
- https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01 url
- https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp url
- https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq url
- https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/ url
- https://github.com/ytdl-org/youtube-dl/pull/32830 url
- https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec url
- https://nvd.nist.gov/vuln/detail/CVE-2024-38519 advisory
- https://github.com/yt-dlp/yt-dlp package
- https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl advisory