Common Weakness Enumeration

CWE-669

Allowed-with-Review

Incorrect Resource Transfer Between Spheres

Abstraction: Class · Status: Draft

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

144 vulnerabilities reference this CWE, most recent first.

GHSA-5HF6-CRG4-FG59

Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:55
VLAI
Summary
Roundcube: Bypass of remote image blocking via crafted BODY background attribute
Details

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "roundcube/roundcubemail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7-beta"
            },
            {
              "fixed": "1.7-rc5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-04T06:55:40Z",
    "nvd_published_at": "2026-04-03T05:16:22Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.",
  "id": "GHSA-5hf6-crg4-fg59",
  "modified": "2026-04-04T06:55:40Z",
  "published": "2026-04-03T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/roundcube/roundcubemail"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"
    },
    {
      "type": "WEB",
      "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Roundcube: Bypass of remote image blocking via crafted BODY background attribute"
}

GHSA-5P6R-4C7P-96FH

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30
VLAI
Details

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:19:44Z",
    "severity": "LOW"
  },
  "details": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.",
  "id": "GHSA-5p6r-4c7p-96fh",
  "modified": "2026-03-16T15:30:43Z",
  "published": "2026-03-16T15:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32772"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/03/13/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5W8J-MJV3-J7GW

Vulnerability from github – Published: 2023-10-11 12:30 – Updated: 2024-04-04 08:33
VLAI
Details

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T12:15:11Z",
    "severity": "HIGH"
  },
  "details": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-5w8j-mjv3-j7gw",
  "modified": "2024-04-04T08:33:39Z",
  "published": "2023-10-11T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44100"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/10"
    },
    {
      "type": "WEB",
      "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66H8-3G48-6HX8

Vulnerability from github – Published: 2025-12-17 12:30 – Updated: 2026-06-05 14:18
VLAI
Summary
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Details

Edge3 Worker RPC RCE on Airflow 2.

This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.

The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.

If projects installed and configured Edge3 provider for Airflow 2, they should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has a minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.

If projects used Edge Provider in Airflow 3, you they are not affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-edge3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-17T22:18:51Z",
    "nvd_published_at": "2025-12-17T12:15:46Z",
    "severity": "CRITICAL"
  },
  "details": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf projects installed and configured Edge3 provider for Airflow 2, they should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (\u003e=2.0.0) has a minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf projects used Edge Provider in Airflow 3, you they are not affected.",
  "id": "GHSA-66h8-3g48-6hx8",
  "modified": "2026-06-05T14:18:05Z",
  "published": "2025-12-17T12:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/59143"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/12/16/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context"
}

GHSA-6W4Q-23CF-J9JP

Vulnerability from github – Published: 2022-09-21 18:32 – Updated: 2022-09-21 18:32
VLAI
Summary
parse-server's session object properties can be updated by foreign user if object ID is known
Details

Impact

A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object.

Note that assigning a session to a foreign user does not usually change the privileges of neither of the two users, according to how Parse Server uses session objects internally. However, if custom logic is used to relate specific session objects to privileges this vulnerability may have a higher level of severity.

The vulnerability does not allow a foreign user to assign a session object to themselves, read the session token, and then reassign the session object to the original user to then authenticate as that user with the known session token. The vulnerability only exists for foreign session objects, a user cannot assign their own session to another user.

While it is unlikely that the session object ID of another user is known, it is possible to brute-force guess an object ID, even though the attacker would not know to which user a successfully guessed session object ID belongs.

Patches

The fix prevents writing to foreign session objects, even if the session object ID is known.

Workarounds

Add a beforeSave trigger to the _Session class and prevent writing if the requesting user is different from the user in the session object.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.10.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-21T18:32:01Z",
    "nvd_published_at": "2022-09-23T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the `user` field and then read any custom fields of that session object.\n\nNote that assigning a session to a foreign user does not usually change the privileges of neither of the two users, according to how Parse Server uses session objects internally. However, if custom logic is used to relate specific session objects to privileges this vulnerability may have a higher level of severity.\n\nThe vulnerability does not allow a foreign user to assign a session object to themselves, read the session token, and then reassign the session object to the original user to then authenticate as that user with the known session token. The vulnerability only exists for foreign session objects, a user cannot assign their own session to another user.\n\nWhile it is unlikely that the session object ID of another user is known, it is possible to brute-force guess an object ID, even though the attacker would not know to which user a successfully guessed session object ID belongs.\n\n### Patches\n\nThe fix prevents writing to foreign session objects, even if the session object ID is known.\n\n### Workarounds\n\nAdd a `beforeSave` trigger to the `_Session` class and prevent writing if the requesting user is different from the user in the session object.\n\n### References\n\n- GitHub advisory [GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)",
  "id": "GHSA-6w4q-23cf-j9jp",
  "modified": "2022-09-21T18:32:01Z",
  "published": "2022-09-21T18:32:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/37fed3062ccc3ef1dfd49a9fc53318e72b3e4aff"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/4.10.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/5.2.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "parse-server\u0027s session object properties can be updated by foreign user if object ID is known"
}

GHSA-6W7J-PWH6-F5F5

Vulnerability from github – Published: 2025-05-13 09:31 – Updated: 2025-05-13 09:31
VLAI
Details

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T09:15:21Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.",
  "id": "GHSA-6w7j-pwh6-f5f5",
  "modified": "2025-05-13T09:31:09Z",
  "published": "2025-05-13T09:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41645"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2025-010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-728R-3WG7-P328

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32
VLAI
Details

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-16T06:16:06Z",
    "severity": "LOW"
  },
  "details": "Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.",
  "id": "GHSA-728r-3wg7-p328",
  "modified": "2025-09-16T15:32:31Z",
  "published": "2025-09-16T15:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59453"
    },
    {
      "type": "WEB",
      "url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
    },
    {
      "type": "WEB",
      "url": "https://www.clickstudios.com.au/security/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75HX-V6J6-M6H7

Vulnerability from github – Published: 2025-09-15 06:30 – Updated: 2025-09-15 06:30
VLAI
Details

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-669"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T06:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).",
  "id": "GHSA-75hx-v6j6-m6h7",
  "modified": "2025-09-15T06:30:27Z",
  "published": "2025-09-15T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59378"
    },
    {
      "type": "WEB",
      "url": "https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45"
    },
    {
      "type": "WEB",
      "url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7899-W6C4-VQC4

Vulnerability from github – Published: 2025-05-05 17:03 – Updated: 2025-05-05 22:06
VLAI
Summary
@misskey-dev/summaly Redirect Filter Bypass
Details

Summary

A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced.

Details

In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new scrapingOptions object is not provided the allowRedirects property of opts.

PoC

  • Publish a post containing a link to any URL that redirects on Misskey.
  • A preview will be generated for the target of the redirect, despite Misskey passing allowRedirects: false.

Impact

Misskey will follow redirects, despite explicitly requesting not to.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@misskey-dev/summaly"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.1"
            },
            {
              "fixed": "5.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601",
      "CWE-665",
      "CWE-669",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-05T17:03:20Z",
    "nvd_published_at": "2025-05-05T19:15:56Z",
    "severity": "LOW"
  },
  "details": "### Summary\nA logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn\u0027t enforced.\n\n### Details\nIn the main `summaly` function, a new `scrapingOptions` object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new `scrapingOptions` object is not provided the `allowRedirects` property of `opts`.\n\n### PoC\n- Publish a post containing a link to any URL that redirects on Misskey.\n- A preview will be generated for the target of the redirect, despite Misskey passing `allowRedirects: false`.\n\n### Impact\nMisskey will follow redirects, despite explicitly requesting not to.",
  "id": "GHSA-7899-w6c4-vqc4",
  "modified": "2025-05-05T22:06:39Z",
  "published": "2025-05-05T17:03:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46553"
    },
    {
      "type": "WEB",
      "url": "https://github.com/misskey-dev/summaly/commit/45153b4f08a772c395a13f7a25399dd87ed022ed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/misskey-dev/summaly"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@misskey-dev/summaly Redirect Filter Bypass"
}

GHSA-79W7-VH3H-8G4J

Vulnerability from github – Published: 2024-07-02 15:58 – Updated: 2024-07-05 17:54
VLAI
Summary
yt-dlp File system modification and RCE through improper file-extension sanitization
Details

Summary

yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since yt-dlp also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed.

Patches

yt-dlp version 2024.07.01 fixes this issue by whitelisting the allowed extensions. This means some very uncommon extensions might not get downloaded; however, it will also limit the possible exploitation surface.

Workarounds

It is recommended to upgrade yt-dlp to version 2024.07.01 as soon as possible, always have .%(ext)s at the end of the output template, and make sure you trust the websites that you are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like your user directory, system32, or other binaries locations.

For users not able to upgrade: - Make sure the extension of the media to download is a common video/audio/sub/... one - Try to avoid the generic extractor (--ies default,-generic) - Keep the default output template (-o "%(title)s [%(id)s].%(ext)s) - Omit any of the subtitle options (--write-subs, --write-auto-subs, --all-subs, --write-srt) - Use --ignore-config --config-location ... to not load config from common locations

Details

One potential exploitation might look like this:

From a mimetype we do not know, we default to trimming the leading bit and using the remainder. Given a webpage that contains

<script type="application/ld+json">
{
    "@context": "https://schema.org",
    "@type": "VideoObject",
    "name": "ffmpeg",
    "encodingFormat": "video/exe",
    "contentUrl": "https://example.com/video.mp4"
}
</script>

this will try and download a file called ffmpeg.exe (-o "%(title)s.%(ext)s). ffmpeg.exe will be searched for in the current directory, and so upon the next run arbitrary code can be executed.

Alternatively, when engineering a file called yt-dlp.conf to be created, the config file could contain --exec ... and so would also execute arbitrary code.

Acknowledgement

A big thanks to @JarLob for independently finding a new application of the same underlying issue. More can be read about on the dedicated GitHub Security Lab disclosure here: Path traversal saving subtitles (GHSL-2024-090)

References

  • https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
  • https://nvd.nist.gov/vuln/detail/CVE-2024-38519
  • https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01
  • https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a
  • https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "yt-dlp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2024.07.01"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-38519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434",
      "CWE-669"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-02T15:58:35Z",
    "nvd_published_at": "2024-07-02T14:15:13Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n`yt-dlp` does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed.\n\n### Patches\n`yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions.\nThis means some very uncommon extensions might not get downloaded; however, it will also limit the possible exploitation surface.\n\n### Workarounds\nIt is recommended to upgrade yt-dlp to version 2024.07.01 as soon as possible, **always** have `.%(ext)s` at the end of the output template, and make sure you trust the websites that you are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like your user directory, `system32`, or other binaries locations.\n\nFor users not able to upgrade:\n- Make sure the extension of the media to download is a common video/audio/sub/... one\n- Try to avoid the generic extractor (`--ies default,-generic`)\n- Keep the default output template (`-o \"%(title)s [%(id)s].%(ext)s`)\n- Omit any of the subtitle options (`--write-subs`, `--write-auto-subs`, `--all-subs`, `--write-srt`)\n- Use `--ignore-config --config-location ...` to not load config from common locations\n\n### Details\nOne potential exploitation might look like this:\n\nFrom a mimetype we do not know, we default to trimming the leading bit and using the remainder. Given a webpage that contains\n```html\n\u003cscript type=\"application/ld+json\"\u003e\n{\n    \"@context\": \"https://schema.org\",\n    \"@type\": \"VideoObject\",\n    \"name\": \"ffmpeg\",\n    \"encodingFormat\": \"video/exe\",\n    \"contentUrl\": \"https://example.com/video.mp4\"\n}\n\u003c/script\u003e\n```\nthis will try and download a file called `ffmpeg.exe` (`-o \"%(title)s.%(ext)s`).\n`ffmpeg.exe` will be searched for in the current directory, and so upon the next run arbitrary code can be executed.\n\nAlternatively, when engineering a file called `yt-dlp.conf` to be created, the config file could contain `--exec ...` and so would also execute arbitrary code.\n\n### Acknowledgement\nA big thanks to @JarLob for independently finding a new application of the same underlying issue.\nMore can be read about on the dedicated GitHub Security Lab disclosure here: [Path traversal saving subtitles (GHSL-2024-090)](\u003chttps://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp\u003e)\n\n### References\n- https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j\n- https://nvd.nist.gov/vuln/detail/CVE-2024-38519\n- https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01\n- https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a\n- https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp\n",
  "id": "GHSA-79w7-vh3h-8g4j",
  "modified": "2024-07-05T17:54:51Z",
  "published": "2024-07-02T15:58:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38519"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ytdl-org/youtube-dl/pull/32830"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yt-dlp/yt-dlp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "yt-dlp File system modification and RCE through improper file-extension sanitization"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.