Описание
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without sufficient validation. These arguments are stored globally and subsequently used in YtDlpUtil.java when constructing the command line to execute yt-dlp. This issue has been patched in version 251126.
EPSS
Процентиль: 56%
0.00335
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-78
EPSS
Процентиль: 56%
0.00335
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-78