CWE-669
Allowed-with-ReviewIncorrect Resource Transfer Between Spheres
Abstraction: Class · Status: Draft
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
144 vulnerabilities reference this CWE, most recent first.
GHSA-5HF6-CRG4-FG59
Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:55An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "roundcube/roundcubemail"
},
"ranges": [
{
"events": [
{
"introduced": "1.7-beta"
},
{
"fixed": "1.7-rc5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35542"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-04T06:55:40Z",
"nvd_published_at": "2026-04-03T05:16:22Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.",
"id": "GHSA-5hf6-crg4-fg59",
"modified": "2026-04-04T06:55:40Z",
"published": "2026-04-03T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35542"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8"
},
{
"type": "PACKAGE",
"url": "https://github.com/roundcube/roundcubemail"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"
},
{
"type": "WEB",
"url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Roundcube: Bypass of remote image blocking via crafted BODY background attribute"
}
GHSA-5P6R-4C7P-96FH
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
{
"affected": [],
"aliases": [
"CVE-2026-32772"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:19:44Z",
"severity": "LOW"
},
"details": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.",
"id": "GHSA-5p6r-4c7p-96fh",
"modified": "2026-03-16T15:30:43Z",
"published": "2026-03-16T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32772"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5W8J-MJV3-J7GW
Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2023-44100"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-11T12:15:11Z",
"severity": "HIGH"
},
"details": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-5w8j-mjv3-j7gw",
"modified": "2024-04-04T08:33:39Z",
"published": "2023-10-11T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44100"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10"
},
{
"type": "WEB",
"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-66H8-3G48-6HX8
Vulnerability from github – Published: 2025-12-17 12:30 – Updated: 2026-06-05 14:18Edge3 Worker RPC RCE on Airflow 2.
This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.
The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.
If projects installed and configured Edge3 provider for Airflow 2, they should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has a minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.
If projects used Edge Provider in Airflow 3, you they are not affected.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-providers-edge3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-67895"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-17T22:18:51Z",
"nvd_published_at": "2025-12-17T12:15:46Z",
"severity": "CRITICAL"
},
"details": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf projects installed and configured Edge3 provider for Airflow 2, they should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (\u003e=2.0.0) has a minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf projects used Edge Provider in Airflow 3, you they are not affected.",
"id": "GHSA-66h8-3g48-6hx8",
"modified": "2026-06-05T14:18:05Z",
"published": "2025-12-17T12:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/59143"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/16/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context"
}
GHSA-6W4Q-23CF-J9JP
Vulnerability from github – Published: 2022-09-21 18:32 – Updated: 2022-09-21 18:32Impact
A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object.
Note that assigning a session to a foreign user does not usually change the privileges of neither of the two users, according to how Parse Server uses session objects internally. However, if custom logic is used to relate specific session objects to privileges this vulnerability may have a higher level of severity.
The vulnerability does not allow a foreign user to assign a session object to themselves, read the session token, and then reassign the session object to the original user to then authenticate as that user with the known session token. The vulnerability only exists for foreign session objects, a user cannot assign their own session to another user.
While it is unlikely that the session object ID of another user is known, it is possible to brute-force guess an object ID, even though the attacker would not know to which user a successfully guessed session object ID belongs.
Patches
The fix prevents writing to foreign session objects, even if the session object ID is known.
Workarounds
Add a beforeSave trigger to the _Session class and prevent writing if the requesting user is different from the user in the session object.
References
- GitHub advisory GHSA-6w4q-23cf-j9jp
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.10.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39225"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-21T18:32:01Z",
"nvd_published_at": "2022-09-23T07:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object.\n\nNote that assigning a session to a foreign user does not usually change the privileges of neither of the two users, according to how Parse Server uses session objects internally. However, if custom logic is used to relate specific session objects to privileges this vulnerability may have a higher level of severity.\n\nThe vulnerability does not allow a foreign user to assign a session object to themselves, read the session token, and then reassign the session object to the original user to then authenticate as that user with the known session token. The vulnerability only exists for foreign session objects, a user cannot assign their own session to another user.\n\nWhile it is unlikely that the session object ID of another user is known, it is possible to brute-force guess an object ID, even though the attacker would not know to which user a successfully guessed session object ID belongs.\n\n### Patches\n\nThe fix prevents writing to foreign session objects, even if the session object ID is known.\n\n### Workarounds\n\nAdd a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object.\n\n### References\n\n- GitHub advisory [GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)",
"id": "GHSA-6w4q-23cf-j9jp",
"modified": "2022-09-21T18:32:01Z",
"published": "2022-09-21T18:32:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39225"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/37fed3062ccc3ef1dfd49a9fc53318e72b3e4aff"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/4.10.15"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/releases/tag/5.2.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "parse-server\u0027s session object properties can be updated by foreign user if object ID is known"
}
GHSA-6W7J-PWH6-F5F5
Vulnerability from github – Published: 2025-05-13 09:31 – Updated: 2025-05-13 09:31An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
{
"affected": [],
"aliases": [
"CVE-2025-41645"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T09:15:21Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.",
"id": "GHSA-6w7j-pwh6-f5f5",
"modified": "2025-05-13T09:31:09Z",
"published": "2025-05-13T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41645"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2025-010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-728R-3WG7-P328
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
{
"affected": [],
"aliases": [
"CVE-2025-59453"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T06:16:06Z",
"severity": "LOW"
},
"details": "Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.",
"id": "GHSA-728r-3wg7-p328",
"modified": "2025-09-16T15:32:31Z",
"published": "2025-09-16T15:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59453"
},
{
"type": "WEB",
"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
},
{
"type": "WEB",
"url": "https://www.clickstudios.com.au/security/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-75HX-V6J6-M6H7
Vulnerability from github – Published: 2025-09-15 06:30 – Updated: 2025-09-15 06:30In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).
{
"affected": [],
"aliases": [
"CVE-2025-59378"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T06:15:37Z",
"severity": "MODERATE"
},
"details": "In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).",
"id": "GHSA-75hx-v6j6-m6h7",
"modified": "2025-09-15T06:30:27Z",
"published": "2025-09-15T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59378"
},
{
"type": "WEB",
"url": "https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45"
},
{
"type": "WEB",
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7899-W6C4-VQC4
Vulnerability from github – Published: 2025-05-05 17:03 – Updated: 2025-05-05 22:06Summary
A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced.
Details
In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new scrapingOptions object is not provided the allowRedirects property of opts.
PoC
- Publish a post containing a link to any URL that redirects on Misskey.
- A preview will be generated for the target of the redirect, despite Misskey passing
allowRedirects: false.
Impact
Misskey will follow redirects, despite explicitly requesting not to.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@misskey-dev/summaly"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.1"
},
{
"fixed": "5.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-46553"
],
"database_specific": {
"cwe_ids": [
"CWE-601",
"CWE-665",
"CWE-669",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-05T17:03:20Z",
"nvd_published_at": "2025-05-05T19:15:56Z",
"severity": "LOW"
},
"details": "### Summary\nA logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn\u0027t enforced.\n\n### Details\nIn the main `summaly` function, a new `scrapingOptions` object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new `scrapingOptions` object is not provided the `allowRedirects` property of `opts`.\n\n### PoC\n- Publish a post containing a link to any URL that redirects on Misskey.\n- A preview will be generated for the target of the redirect, despite Misskey passing `allowRedirects: false`.\n\n### Impact\nMisskey will follow redirects, despite explicitly requesting not to.",
"id": "GHSA-7899-w6c4-vqc4",
"modified": "2025-05-05T22:06:39Z",
"published": "2025-05-05T17:03:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46553"
},
{
"type": "WEB",
"url": "https://github.com/misskey-dev/summaly/commit/45153b4f08a772c395a13f7a25399dd87ed022ed"
},
{
"type": "PACKAGE",
"url": "https://github.com/misskey-dev/summaly"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "@misskey-dev/summaly Redirect Filter Bypass"
}
GHSA-79W7-VH3H-8G4J
Vulnerability from github – Published: 2024-07-02 15:58 – Updated: 2024-07-05 17:54Summary
yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since yt-dlp also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed.
Patches
yt-dlp version 2024.07.01 fixes this issue by whitelisting the allowed extensions.
This means some very uncommon extensions might not get downloaded; however, it will also limit the possible exploitation surface.
Workarounds
It is recommended to upgrade yt-dlp to version 2024.07.01 as soon as possible, always have .%(ext)s at the end of the output template, and make sure you trust the websites that you are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like your user directory, system32, or other binaries locations.
For users not able to upgrade:
- Make sure the extension of the media to download is a common video/audio/sub/... one
- Try to avoid the generic extractor (--ies default,-generic)
- Keep the default output template (-o "%(title)s [%(id)s].%(ext)s)
- Omit any of the subtitle options (--write-subs, --write-auto-subs, --all-subs, --write-srt)
- Use --ignore-config --config-location ... to not load config from common locations
Details
One potential exploitation might look like this:
From a mimetype we do not know, we default to trimming the leading bit and using the remainder. Given a webpage that contains
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "VideoObject",
"name": "ffmpeg",
"encodingFormat": "video/exe",
"contentUrl": "https://example.com/video.mp4"
}
</script>
this will try and download a file called ffmpeg.exe (-o "%(title)s.%(ext)s).
ffmpeg.exe will be searched for in the current directory, and so upon the next run arbitrary code can be executed.
Alternatively, when engineering a file called yt-dlp.conf to be created, the config file could contain --exec ... and so would also execute arbitrary code.
Acknowledgement
A big thanks to @JarLob for independently finding a new application of the same underlying issue. More can be read about on the dedicated GitHub Security Lab disclosure here: Path traversal saving subtitles (GHSL-2024-090)
References
- https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
- https://nvd.nist.gov/vuln/detail/CVE-2024-38519
- https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01
- https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
- https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "yt-dlp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2024.07.01"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38519"
],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-02T15:58:35Z",
"nvd_published_at": "2024-07-02T14:15:13Z",
"severity": "HIGH"
},
"details": "### Summary\n`yt-dlp` does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed.\n\n### Patches\n`yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions.\nThis means some very uncommon extensions might not get downloaded; however, it will also limit the possible exploitation surface.\n\n### Workarounds\nIt is recommended to upgrade yt-dlp to version 2024.07.01 as soon as possible, **always** have `.%(ext)s` at the end of the output template, and make sure you trust the websites that you are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like your user directory, `system32`, or other binaries locations.\n\nFor users not able to upgrade:\n- Make sure the extension of the media to download is a common video/audio/sub/... one\n- Try to avoid the generic extractor (`--ies default,-generic`)\n- Keep the default output template (`-o \"%(title)s [%(id)s].%(ext)s`)\n- Omit any of the subtitle options (`--write-subs`, `--write-auto-subs`, `--all-subs`, `--write-srt`)\n- Use `--ignore-config --config-location ...` to not load config from common locations\n\n### Details\nOne potential exploitation might look like this:\n\nFrom a mimetype we do not know, we default to trimming the leading bit and using the remainder. Given a webpage that contains\n```html\n\u003cscript type=\"application/ld+json\"\u003e\n{\n \"@context\": \"https://schema.org\",\n \"@type\": \"VideoObject\",\n \"name\": \"ffmpeg\",\n \"encodingFormat\": \"video/exe\",\n \"contentUrl\": \"https://example.com/video.mp4\"\n}\n\u003c/script\u003e\n```\nthis will try and download a file called `ffmpeg.exe` (`-o \"%(title)s.%(ext)s`).\n`ffmpeg.exe` will be searched for in the current directory, and so upon the next run arbitrary code can be executed.\n\nAlternatively, when engineering a file called `yt-dlp.conf` to be created, the config file could contain `--exec ...` and so would also execute arbitrary code.\n\n### Acknowledgement\nA big thanks to @JarLob for independently finding a new application of the same underlying issue.\nMore can be read about on the dedicated GitHub Security Lab disclosure here: [Path traversal saving subtitles (GHSL-2024-090)](\u003chttps://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp\u003e)\n\n### References\n- https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j\n- https://nvd.nist.gov/vuln/detail/CVE-2024-38519\n- https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01\n- https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a\n- https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp\n",
"id": "GHSA-79w7-vh3h-8g4j",
"modified": "2024-07-05T17:54:51Z",
"published": "2024-07-02T15:58:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq"
},
{
"type": "WEB",
"url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38519"
},
{
"type": "WEB",
"url": "https://github.com/ytdl-org/youtube-dl/pull/32830"
},
{
"type": "WEB",
"url": "https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a"
},
{
"type": "WEB",
"url": "https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec"
},
{
"type": "PACKAGE",
"url": "https://github.com/yt-dlp/yt-dlp"
},
{
"type": "WEB",
"url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "yt-dlp File system modification and RCE through improper file-extension sanitization"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.