Skip to content


Choose a tag to compare
@Rudloff Rudloff released this
· 7 commits to master since this release

This release fixes a vulnerability that could be used to trigger either an open redirect attack or a Server-Side Request Forgery attack (see GHSA-75p7-527p-w8wp).

The fix requires applying a patch to youtube-dl to disable its generic extractor. If you are using the version of youtube-dl bundled with 3.0.3, it is already patched.
However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.