Описание
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.
Уязвимые конфигурации
Конфигурация 1Версия до 25.02.5 (исключая)
cpe:2.3:a:ankitects:anki:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00016
Низкий
6.7 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 6.7
github
4 месяца назад
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.
EPSS
Процентиль: 3%
0.00016
Низкий
6.7 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427