{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46121", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-16T17:51:35.571Z", "datePublished": "2023-11-14T23:31:55.145Z", "dateUpdated": "2023-11-14T23:31:55.145Z"}, "containers": {"cna": {"title": "Generic Extractor MITM Vulnerability in yt-dlp", "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "lang": "en", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x"}, {"name": "https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb", "tags": ["x_refsource_MISC"], "url": "https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb"}, {"name": "https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14"}], "affected": [{"vendor": "yt-dlp", "product": "yt-dlp", "versions": [{"version": ">= 2022.10.04, < 2023.11.14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-14T23:31:55.145Z"}, "descriptions": [{"lang": "en", "value": "yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Ggneric extractor (or only pass trusted sites with trusted content) and ake caution when using `--no-check-certificate`."}], "source": {"advisory": "GHSA-3ch3-jhc6-5r8x", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FC3CE4C-A093-449A-BB70-CFB7A7FD1EF0", "versionEndExcluding": "2023.11.14", "versionStartIncluding": "2022.10.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Ggneric extractor (or only pass trusted sites with trusted content) and ake caution when using `--no-check-certificate`."}, {"lang": "es", "value": "yt-dlp es una bifurcaci\u00f3n de youtube-dl con funciones y correcciones adicionales. The Generic Extractor en yt-dlp es vulnerable a que un atacante configure un proxy arbitrario para una solicitud en una URL arbitraria, lo que le permite al atacante realizar MITM la solicitud realizada desde la sesi\u00f3n HTTP de yt-dlp. En algunos casos, esto podr\u00eda provocar la exfiltraci\u00f3n de cookies. La versi\u00f3n 2023.11.14 elimin\u00f3 la capacidad de pasar de contrabando `http_headers` al extractor gen\u00e9rico, as\u00ed como a otros extractores que usan el mismo patr\u00f3n. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben desactivar el extractor Ggneric (o solo pasar por sitios confiables con contenido confiable) y tener cuidado al usar `--no-check-certificate`."}], "id": "CVE-2023-46121", "lastModified": "2023-11-22T15:05:37.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-15T00:15:09.470", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}