CVE-2024-38519 | yt-dlp 2023.09.24.003044/2023.7.06/2023.11.14 Working Directory unrestricted upload (GHSA-79w7-vh3h-8g4j)

Posted by Angelo Barbosa | Jul 2, 2024 | CVE

A vulnerability was found in yt-dlp 2023.09.24.003044/2023.7.06/2023.11.14 and classified as critical. This issue affects some unknown processing of the component Working Directory Handler. The manipulation leads to unrestricted upload.

The identification of this vulnerability is CVE-2024-38519. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-38519 | yt-dlp 2023.09.24.003044/2023.7.06/2023.11.14 Working Directory unrestricted upload (GHSA-79w7-vh3h-8g4j)

Related Posts

CVE-2023-49947 | Forgejo up to 1.20.5 Basic Authentication improper authentication

CVE-2024-38523 | scidsg hushline prior 0.1.0 TOTP Authentication Flow improper authentication (GHSA-4c38-hhxx-9mhx)

CVE-2024-7212 | TOTOLINK A7000R 9.1.0u.6268_B20220504 /cgi-bin/cstecgi.cgi loginauth password buffer overflow

CVE-2024-8522 | LearnPress Plugin up to 4.2.7 on WordPress c_only_fields sql injection