Veracode Vulnerability Database: VERACODE:44281
Nov 15, 2023 - 8:35 a.m.

HTTP Request Smuggling

2023-11-15 08:35:11
sca.analysiscenter.veracode.com
Tags: http request smuggling, yt-dlp, vulnerability, mitm, software

CVSS3: 5 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 7.2 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 20.4%)

yt-dlp is vulnerable to HTTP Request Smuggling. The _real_extract function in generic.py does not validate or sanitize the http_headers included through the URL. This allows an attacker to set an arbitrary proxy for a request to an arbitrary URL, which can potentially lead to a man-in-the-middle (MITM) of requests made from yt-dlp’s HTTP session.
