PT-2022-13424 · Alltube+1
Published: 2022-02-28 · Updated: 2022-03-08 · CVE-2022-0768
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
alltube versions prior to 3.0.2
Description
A Server-Side Request Forgery (SSRF) vulnerability allows an attacker to make the server send a request to an internal hostname. Releases prior to version 3.0.2 are affected.
Recommendations
Update to version 3.0.2 to resolve the issue. If you use an external version of youtube-dl, also apply the patch to youtube-dl that prevents it from following HTTP redirects; the version bundled with 3.0.2 is already patched.
Exploit
Fix
SSRF
Affected Products
Alltube
Youtube-Dl