CNNVD-202512-4858 Information

CNNVD ID

CNNVD-202512-4858

Related CVE

CVE-2025-66203

• CNNVD Published: 2025-12-27

Description (Chinese)

StreamVault是MochiMoon个人开发者的一个视频解析下载工具。 StreamVault 251126之前版本存在操作系统命令注入漏洞，该漏洞源于未充分验证yt-dlp参数配置，可能导致远程代码执行。

Description (English)

StraamVault is a video resolution download tool for MochiMoon personal developers. There was an operational system command-injection gap in the pre-StreamVault 251126 version, which resulted from inadequate validation of yt-dlp parameter configuration, which could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2025-12-27

Last Modified

2026-02-24

References

https://github.com/lemon8866/StreamVault/releases/tag/251226 https://github.com/lemon8866/StreamVault/security/advisories/GHSA-c747-q388-3v6m https://access.redhat.com/security/cve/cve-2025-66203

Patch

https://github.com/lemon8866/StreamVault/releases