Unknown · Youtubedlsharp · CVE-2025-43858
**Name of the Vulnerable Software and Affected Versions**
YoutubeDLSharp versions 1.0.0-beta4 through 1.1.2
**Description**
The library converts arguments unsafely when it starts `yt-dlp` from a command prompt on Windows with `UseWindowsEncodingWorkaround` set to true, which allows the injection of malicious commands. This is the default behavior, and the built-in methods in the YoutubeDL.cs file do not allow the value to be disabled. The problem has been patched in version 1.1.2.
**Recommendations**
For versions 1.0.0-beta4 through 1.1.2, update to version 1.1.2 to resolve the issue.
As a temporary workaround, consider disabling the `UseWindowsEncodingWorkaround` value, if possible, until a patch is applied.
Restrict access to the `yt-dlp` command prompt on Windows OS to minimize the risk of exploitation.
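To find projects that still need the update, the following added example (not part of the advisory or of YoutubeDLSharp) audits a `.csproj` file for a `YoutubeDLSharp` reference in the affected range. It assumes SemVer ordering for pre-release tags and treats 1.1.2 as fixed, as the Recommendations state; the sample project file is constructed.

```python
import re
import xml.etree.ElementTree as ET
PACKAGE = "YoutubeDLSharp"
FIRST_AFFECTED = "1.0.0-beta4"  # first affected version per the advisory
FIXED = "1.1.2"  # assumption: treated as fixed, per the Recommendations
# Constructed sample project file (not from the advisory).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="YoutubeDLSharp" Version="1.1.1" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

def version_key(text):
    """Sortable key following SemVer precedence (a release outranks its pre-releases)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+\S*)?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    core = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4) is None:
        return core + ((1,),)
    # Numeric pre-release identifiers sort below alphanumeric ones.
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in m.group(4).split("."))
    return core + ((0,) + ids,)

def is_affected(version):
    return version_key(FIRST_AFFECTED) <= version_key(version) < version_key(FIXED)

def audit_csproj(xml_text):
    """Return (version, verdict) for every YoutubeDLSharp PackageReference."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "PackageReference":
            continue
        if (el.get("Include") or "").lower() != PACKAGE.lower():
            continue
        version = el.get("Version")
        if version is None:  # version may be a child element instead of an attribute
            child = next((c for c in el if c.tag.rsplit("}", 1)[-1] == "Version"), None)
            version = child.text if child is not None else None
        try:
            verdict = "affected" if is_affected(version or "") else "not affected"
        except ValueError:  # floating/range versions or centrally managed packages
            verdict = "check manually"
        findings.append((version, verdict))
    return findings

if __name__ == "__main__":
    print(audit_csproj(SAMPLE_CSPROJ))
```

A "check manually" verdict means the version is not pinned in the project file, so the resolved version has to be read from the lock file or restore output instead.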