yt-dlp/devscripts
Simon Sawicki de015e9307
[core] Prevent RCE when using --exec with %q (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands.

Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference.

Authored by: Grub4K
2023-09-24 02:29:01 +02:00
..
__init__.py [devscripts] Fix import 2022-08-11 07:23:48 +05:30
bash-completion.in
bash-completion.py
changelog_override.json [core] Prevent RCE when using --exec with %q (CVE-2023-40581) 2023-09-24 02:29:01 +02:00
changelog_override.schema.json [devscripts] Script to generate changelog (#6220) 2023-03-03 22:54:23 +05:30
check-porn.py
cli_to_api.py [cleanup] Misc 2023-06-21 09:21:20 +05:30
fish-completion.in
fish-completion.py
generate_aes_testdata.py
lazy_load_template.py [extractor] Support multiple _VALID_URLs (#5812) 2023-06-22 03:19:55 +05:30
logo.ico
make_changelog.py [cleanup] Misc (#8182) 2023-09-23 20:00:31 +00:00
make_contributing.py
make_issue_template.py [cleanup] Misc 2023-02-28 23:51:06 +05:30
make_lazy_extractors.py Improve plugin architecture (#5553) 2023-01-01 04:29:22 +00:00
make_readme.py [build] Automated builds and nightly releases (#6220) 2023-03-03 22:54:23 +05:30
make_supportedsites.py
prepare_manpage.py
run_tests.bat
run_tests.sh [cleanup] Misc 2022-09-01 16:49:03 +05:30
set-variant.py [build, devscripts] Add devscript to set a build variant 2022-08-09 01:08:48 +05:30
SizeOfImage_w.patch
SizeOfImage.patch
update-formulae.py
update-version.py [core] Fix support for upcoming Python 3.12 (#8130) 2023-09-17 12:56:50 +02:00
utils.py [cleanup] Misc 2023-03-05 03:34:55 +05:30
zsh-completion.in
zsh-completion.py