Key Information

Vulnerability Name: Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
CVE ID: CVE-2023-46121

CVSS V3 Base Metrics
Severity: Medium (5.0 / 10)
Attack Vector: Network
Attack Complexity: High
Required Privileges: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Impact: The generic extractor in yt-dlp is vulnerable to attackers injecting arbitrary proxies, enabling Man-in-the-Middle (MITM) attacks on HTTP sessions initiated by requests to any URL, potentially leading to cookie leakage in certain scenarios.
Affected Versions: >=2022.10.04
Fixed Version: 2023.11.14
Fix Details: Removed the ability to smuggle into the generic extractor and other extractors using the same pattern.
Temporary Mitigation: Disable the generic extractor (use or ), or only pass trusted content from trusted sites. Use with caution.
Weakness: CWE-15: External Control of Proxy Settings

References
GHSA-3ch3-jhc6-5r8x
CVE-2023-46121
yt-dlp 2023.11.14 Release
f84b5be
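A check for the affected range stated above (>=2022.10.04, fixed in 2023.11.14), added here as an example and not part of the advisory or of yt-dlp's own code. It scans `pip freeze` style lines for pinned yt-dlp versions; the function names and the sample input are constructed for illustration.

```python
import re

# Range from the advisory: affected >=2022.10.04, fixed in 2023.11.14.
FIRST_AFFECTED = (2022, 10, 4)
FIRST_FIXED = (2023, 11, 14)

# Matches a pinned requirement such as "yt-dlp==2023.10.13" or "yt_dlp==2023.3.4".
PIN = re.compile(r"^\s*yt[-_.]dlp(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)+)", re.IGNORECASE)


def parse_version(text):
    """Parse a yt-dlp date version into a tuple of ints.

    int() drops leading zeros, so "2023.03.04" and pip's normalised
    "2023.3.4" compare equal; a fourth component, if present, is kept
    and sorts after the plain date.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 3:
        raise ValueError(f"not a yt-dlp date version: {text!r}")
    return parts


def is_affected(version):
    """True if the version falls in the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def audit(lines):
    """Return (line_number, version, affected) for every pinned yt-dlp line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PIN.match(line)
        if match:
            findings.append((number, match.group(1), is_affected(match.group(1))))
    return findings


# Constructed sample in `pip freeze` format, not taken from a real system.
SAMPLE = """\
requests==2.31.0
yt-dlp==2022.9.1
yt_dlp==2022.10.4
yt-dlp==2023.10.13
yt-dlp==2023.11.14
"""

if __name__ == "__main__":
    for number, version, affected in audit(SAMPLE.splitlines()):
        print(f"line {number}: yt-dlp {version}: {'AFFECTED' if affected else 'ok'}")
```

Unpinned or range-constrained requirements are not matched and need to be resolved against the installed version separately.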