yt-dlp · CVE-2025-54072
**Name of the Vulnerable Software and Affected Versions**
yt-dlp versions 2025.06.25 and below
eslint/plugin-kit version 0.3.3 and earlier
**Description**
yt-dlp is a command-line audio/video downloader. On Windows, it is vulnerable to remote code execution when the `--exec` option is used with the default placeholder or with `{}`, because the filepath substituted into the command line is not sufficiently sanitized before the line is handed to the shell. The output filename is built from media metadata (for example the video title), so a malicious upload can control the string that reaches the shell. A previous mitigation for CVE-2024-22423 did not cover the default placeholder and `{}` expansion.
Additionally, @eslint/plugin-kit is affected by a Regular Expression Denial of Service (ReDoS) vulnerability.
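The following is an added example, not yt-dlp's own code, showing why a filepath substituted textually into a shell command line is dangerous and two ways to close the hole. The filename, template and function names are constructed for illustration. The tokenizer models a POSIX shell; cmd.exe has its own quoting rules (double quotes and `^` escaping), which is why the shell-free `argv` form is the robust fix on any platform.

```python
"""Added example (not yt-dlp code): unquoted placeholder expansion vs. two fixes."""
import shlex
import subprocess

# Constructed sample: a filename derived from untrusted metadata such as a
# video title. Both values below are hypothetical.
UNTRUSTED_PATH = 'clip.mp4 & echo pwned'
EXEC_TEMPLATE = 'ffprobe {}'   # a user's --exec string with the {} placeholder

SEPARATORS = {'&', '&&', '|', '||', ';'}


def expand_unsafe(template: str, filepath: str) -> str:
    """Vulnerable pattern: plain textual substitution of the placeholder."""
    return template.replace('{}', filepath)


def expand_quoted(template: str, filepath: str) -> str:
    """Fix 1 (POSIX shells only): quote the path before substituting it."""
    return template.replace('{}', shlex.quote(filepath))


def shell_tokens(cmdline: str) -> list[str]:
    """Tokenize like a POSIX shell; & | ; < > ( ) come back as separate tokens."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return list(lexer)


def command_count(cmdline: str) -> int:
    """How many commands a POSIX shell would run for this line."""
    return 1 + sum(tok in SEPARATORS for tok in shell_tokens(cmdline))


def build_argv(program: str, filepath: str) -> list[str]:
    """Fix 2 (any platform): never build a shell string; pass an argv list
    to subprocess.run(argv, shell=False) so the path is a single argument."""
    return [program, filepath]


def windows_cmdline(argv: list[str]) -> str:
    """What subprocess hands to CreateProcess on Windows for this argv
    (quoting for the C runtime's argv parser, not for cmd.exe)."""
    return subprocess.list2cmdline(argv)


if __name__ == '__main__':
    unsafe = expand_unsafe(EXEC_TEMPLATE, UNTRUSTED_PATH)
    quoted = expand_quoted(EXEC_TEMPLATE, UNTRUSTED_PATH)
    print(f'{unsafe!r} -> {command_count(unsafe)} command(s)')
    print(f'{quoted!r} -> {command_count(quoted)} command(s)')
    print(windows_cmdline(build_argv('ffprobe', UNTRUSTED_PATH)))
```

With the constructed name, the unsafe expansion yields two commands (`ffprobe clip.mp4` and `echo pwned`), the quoted expansion yields one, and the argv form never lets the filename be parsed as shell syntax at all.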
**Recommendations**
yt-dlp versions 2025.06.25 and below: Upgrade to version 2025.07.21 or later.
eslint/plugin-kit versions 0.3.3 and earlier: Upgrade to a release later than 0.3.3 (0.3.4 or later).