Zheny-Creator

**Name of the Vulnerable Software and Affected Versions** yt-grabber-tui versions prior to 1.0-rc **Description** yt-grabber-tui is a terminal user interface application for downloading videos. Versions before 1.0-rc allow configuration of the path to the `yt-dlp` executable via the `path to yt dlp` configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symbolic link to an arbitrary executable. When the application invokes `yt-dlp`, the malicious code is executed with the privileges of the user running yt-grabber-tui. **Recommendations** Update to version 1.0-rc or later.