CVE-2023-46121 Information
Description
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary URL, allowing the attacker to MITM the request made from yt-dlp’s HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as to other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`.
Reference
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb
https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14