Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-24739

Date: March 8, 2022

alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the "stream" option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.

Language: PHP

Severity Score

Related Resources (10)

https://github.com/ytdl-org/youtube-dl/issues/30691
https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a
https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-24739.yaml
https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a
https://github.com/Rudloff/alltube
https://github.com/Rudloff/alltube/releases/tag/3.0.3
https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp
https://nvd.nist.gov/vuln/detail/CVE-2022-24739
https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d
https://www.mend.io/vulnerability-database/CVE-2022-24739

Severity Score

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us