Описание
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.1:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.2:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00093
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-88
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
EPSS
Процентиль: 26%
0.00093
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-88