aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7726-e5f70-1.html |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-15T02:41:18.782Z
Updated: 2024-07-05T12:48:08.114Z
Reserved: 2024-04-15T01:56:14.581Z
Link: CVE-2024-3775
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-15T04:15:16.137
Modified: 2024-04-15T13:15:31.997
Link: CVE-2024-3775
JSON object: View
Redhat Information
No data.
CWE