yt-grabber-tui Symlink-to-Executable Injection Vulnerability Allowing Arbitrary Code Execution

A vulnerability in yt-grabber-tui, a terminal user interface application for downloading videos, allows for arbitrary code execution by exploiting the application's configurable path to the yt-dlp executable. This issue is present in versions prior to 1.0-rc. An attacker with write access to the configuration file or the filesystem location of the yt-dlp executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When yt-grabber-tui invokes yt-dlp, the malicious code is executed with the privileges of the user running the application.

Impact

Exploitation of this vulnerability allows for arbitrary code execution under the privileges of the current user.

Remediation

Users can upgrade to yt-grabber-tui version 1.0-rc to address this vulnerability. If immediate upgrading is not possible, users can ensure that the path_to_yt_dlp configuration points only to a trusted, absolute, canonical path, restrict filesystem permissions to prevent untrusted users from modifying the executable or its symlinks, avoid using shell wrappers for the yt-dlp executable, and optionally validate the executable manually before each run.