aboutsummaryrefslogtreecommitdiff
path: root/devscripts/zsh-completion.py
diff options
context:
space:
mode:
authorSimon Sawicki <contact@grub4k.xyz>2023-09-24 02:29:01 +0200
committerSimon Sawicki <contact@grub4k.xyz>2023-09-24 02:29:01 +0200
commitde015e930747165dbb8fcd360f8775fd973b7d6e (patch)
tree7588e5aefdba5eb635a8690b824b1a49672342d8 /devscripts/zsh-completion.py
parent61bdf15fc7400601c3da1aa7a43917310a5bf391 (diff)
[core] Prevent RCE when using `--exec` with `%q` (CVE-2023-40581)
The shell escape function is now using `""` instead of `\"`. `utils.Popen` has been patched to properly quote commands. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg for reference. Authored by: Grub4K
Diffstat (limited to 'devscripts/zsh-completion.py')
0 files changed, 0 insertions, 0 deletions