{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:36:27.538","vulnerabilities":[{"cve":{"id":"CVE-2025-43858","sourceIdentifier":"security-advisories@github.com","published":"2025-04-24T18:15:20.120","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2."},{"lang":"es","value":"YoutubeDLSharp es un contenedor para los descargadores de vídeo de línea de comandos youtube-dl y yt-dlp. En versiones a partir de la 1.0.0-beta4 y anteriores a la 1.1.2, una conversión insegura de argumentos permite la inyección de comandos maliciosos al iniciar `yt-dlp` desde un símbolo del sistema en Windows con el valor `UseWindowsEncodingWorkaround` definido como verdadero (comportamiento predeterminado). Si un usuario utiliza métodos integrados del archivo YoutubeDL.cs, el valor es verdadero por defecto y no se puede desactivar desde estos métodos. Este problema se ha corregido en la versión 1.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f","source":"security-advisories@github.com"},{"url":"https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50","source":"security-advisories@github.com"},{"url":"https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5","source":"security-advisories@github.com"},{"url":"https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}