← Back

Alltube

alltube

Vendor: Alltube Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24739
1Alltube Project
1Alltube
Nov 21, 2024
Mar 8, 2022
N/A· v4
6.1 MEDIUM· v3
4.0 MEDIUM· v2
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how All...Show more
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.Show less
CVE-2022-0692
1Alltube Project
1Alltube
Nov 21, 2024
Feb 21, 2022
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.