Moderate severityNVD Advisory· Published Nov 14, 2023· Updated Aug 29, 2024

Generic Extractor MITM Vulnerability in yt-dlp

CVE-2023-46121

Description

yt-dlp's Generic Extractor mis-handles http_headers smuggling, allowing an attacker to set an arbitrary proxy and perform MITM attacks, potentially exfiltrating cookies.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

yt-dlp's Generic Extractor mis-handles `http_headers` smuggling, allowing an attacker to set an arbitrary proxy and perform MITM attacks, potentially exfiltrating cookies.

Vulnerability

Overview

CVE-2023-46121 is a security flaw in yt-dlp, a command-line audio/video downloader forked from youtube-dl. The vulnerability resides in the Generic Extractor, which is used as a fallback for unsupported websites. Due to improper handling of smuggled http_headers, an attacker can inject an arbitrary proxy into an HTTP request made by yt-dlp. This enables the attacker to perform a man-in-the-middle (MITM) attack on that request [1], [2]. The root cause is the ability to pass arbitrary header values via the smuggle_url mechanism, allowing the Ytdl-socks-proxy header (or similar) to be set by an untrusted source.

Exploitation

Scenario

An attacker can trigger this vulnerability by supplying a malicious URL that, when processed by the Generic Extractor, includes smuggled headers with a proxy directive. No authentication is required; the attack can be performed remotely if a user downloads content from an untrusted or attacker-controlled source. The vulnerability does not require any special network position if the attacker can serve a crafted page or redirect the Generic Extractor to a URL that contains the malicious headers. The attack surface is broad because the Generic Extractor is enabled by default [2].

Impact and

Mitigation

If successfully exploited, the attacker can intercept, modify, or redirect the HTTP traffic from yt-dlp, leading to potential credential theft, cookie exfiltration, or further compromise of the user's session. The impact is especially severe when combined with the --no-check-certificate option, which disables TLS verification, making MITM attacks trivial [2]. The official advisory recommends upgrading to yt-dlp version 2023.11.14 or later, which removes the ability to smuggle http_headers and replaces it with specific, controlled headers [3], [4]. Users unable to upgrade should disable the Generic Extractor or only pass trusted sites and content, and avoid using --no-check-certificate [2].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
yt-dlpPyPI	>= 2022.10.04, < 2023.11.14	2023.11.14

Affected products

ghsa-coords4 versions
pkg:pypi/yt-dlp pkg:rpm/opensuse/yt-dlp&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/yt-dlp&distro=openSUSE%20Tumbleweed pkg:rpm/suse/yt-dlp&distro=SUSE%20Package%20Hub%2015%20SP5
>= 2022.10.04, < 2023.11.14+ 3 more
- (no CPE)range: >= 2022.10.04, < 2023.11.14
- (no CPE)range: < 2023.11.14-bp155.3.3.1
- (no CPE)range: < 2023.11.16-1.1
- (no CPE)range: < 2023.11.14-bp155.3.3.1
yt-dlp/yt-dlpv5
Range: >= 2022.10.04, < 2023.11.14

Patches

f04b5bedad7b

[ie] Do not smuggle `http_headers`

https://github.com/yt-dlp/yt-dlpbashonlyAug 16, 2023via ghsa

commit

9 files changed · +19 −15

test/test_networking.py+4 −0 modified

@@ -1293,6 +1293,10 @@ def test_clean_header(self):
             assert 'Youtubedl-no-compression' not in rh.headers
             assert rh.headers.get('Accept-Encoding') == 'identity'
 
+        with FakeYDL({'http_headers': {'Ytdl-socks-proxy': 'socks://localhost:1080'}}) as ydl:
+            rh = self.build_handler(ydl)
+            assert 'Ytdl-socks-proxy' not in rh.headers
+
     def test_build_handler_params(self):
         with FakeYDL({
             'http_headers': {'test': 'testtest'},

yt_dlp/extractor/cybrary.py+1 −1 modified

@@ -105,7 +105,7 @@ def _real_extract(self, url):
             'chapter': module.get('title'),
             'chapter_id': str_or_none(module.get('id')),
             'title': activity.get('title'),
-            'url': smuggle_url(f'https://player.vimeo.com/video/{vimeo_id}', {'http_headers': {'Referer': 'https://api.cybrary.it'}})
+            'url': smuggle_url(f'https://player.vimeo.com/video/{vimeo_id}', {'referer': 'https://api.cybrary.it'})
         }

yt_dlp/extractor/duboku.py+1 −1 modified

@@ -138,7 +138,7 @@ def _real_extract(self, url):
             # of the video.
             return {
                 '_type': 'url_transparent',
-                'url': smuggle_url(data_url, {'http_headers': headers}),
+                'url': smuggle_url(data_url, {'referer': webpage_url}),
                 'id': video_id,
                 'title': title,
                 'series': series_title,

yt_dlp/extractor/embedly.py+1 −1 modified

@@ -106,4 +106,4 @@ def _real_extract(self, url):
             return self.url_result(src, YoutubeTabIE)
         return self.url_result(smuggle_url(
             urllib.parse.unquote(traverse_obj(qs, ('src', 0), ('url', 0))),
-            {'http_headers': {'Referer': url}}))
+            {'referer': url}))

yt_dlp/extractor/generic.py+6 −5 modified

@@ -17,6 +17,7 @@
     determine_protocol,
     dict_get,
     extract_basic_auth,
+    filter_dict,
     format_field,
     int_or_none,
     is_html,
@@ -2435,10 +2436,10 @@ def _real_extract(self, url):
         # to accept raw bytes and being able to download only a chunk.
         # It may probably better to solve this by checking Content-Type for application/octet-stream
         # after a HEAD request, but not sure if we can rely on this.
-        full_response = self._request_webpage(url, video_id, headers={
+        full_response = self._request_webpage(url, video_id, headers=filter_dict({
             'Accept-Encoding': 'identity',
-            **smuggled_data.get('http_headers', {})
-        })
+            'Referer': smuggled_data.get('referer'),
+        }))
         new_url = full_response.url
         url = urllib.parse.urlparse(url)._replace(scheme=urllib.parse.urlparse(new_url).scheme).geturl()
         if new_url != extract_basic_auth(url)[0]:
@@ -2458,7 +2459,7 @@ def _real_extract(self, url):
         m = re.match(r'^(?P<type>audio|video|application(?=/(?:ogg$|(?:vnd\.apple\.|x-)?mpegurl)))/(?P<format_id>[^;\s]+)', content_type)
         if m:
             self.report_detected('direct video link')
-            headers = smuggled_data.get('http_headers', {})
+            headers = filter_dict({'Referer': smuggled_data.get('referer')})
             format_id = str(m.group('format_id'))
             ext = determine_ext(url, default_ext=None) or urlhandle_detect_ext(full_response)
             subtitles = {}
@@ -2710,7 +2711,7 @@ def _extract_embeds(self, url, webpage, *, urlh=None, info_dict={}):
                 'url': smuggle_url(json_ld['url'], {
                     'force_videoid': video_id,
                     'to_generic': True,
-                    'http_headers': {'Referer': url},
+                    'referer': url,
                 }),
             }, json_ld)]

yt_dlp/extractor/slideslive.py+1 −1 modified

@@ -530,7 +530,7 @@ def _real_extract(self, url):
             if service_name == 'vimeo':
                 info['url'] = smuggle_url(
                     f'https://player.vimeo.com/video/{service_id}',
-                    {'http_headers': {'Referer': url}})
+                    {'referer': url})
 
         video_slides = traverse_obj(slides, ('slides', ..., 'video', 'id'))
         if not video_slides:

yt_dlp/extractor/storyfire.py+1 −3 modified

@@ -32,9 +32,7 @@ def _parse_video(self, video):
             'description': video.get('description'),
             'url': smuggle_url(
                 'https://player.vimeo.com/video/' + vimeo_id, {
-                    'http_headers': {
-                        'Referer': 'https://storyfire.com/',
-                    }
+                    'referer': 'https://storyfire.com/',
                 }),
             'thumbnail': video.get('storyImage'),
             'view_count': int_or_none(video.get('views')),

yt_dlp/extractor/vimeo.py+3 −3 modified

@@ -37,14 +37,14 @@ class VimeoBaseInfoExtractor(InfoExtractor):
 
     @staticmethod
     def _smuggle_referrer(url, referrer_url):
-        return smuggle_url(url, {'http_headers': {'Referer': referrer_url}})
+        return smuggle_url(url, {'referer': referrer_url})
 
     def _unsmuggle_headers(self, url):
         """@returns (url, smuggled_data, headers)"""
         url, data = unsmuggle_url(url, {})
         headers = self.get_param('http_headers').copy()
-        if 'http_headers' in data:
-            headers.update(data['http_headers'])
+        if 'referer' in data:
+            headers['Referer'] = data['referer']
         return url, data, headers
 
     def _perform_login(self, username, password):

yt_dlp/utils/networking.py+1 −0 modified

@@ -123,6 +123,7 @@ def clean_headers(headers: HTTPHeaderDict):
     if 'Youtubedl-No-Compression' in headers:  # compat
         del headers['Youtubedl-No-Compression']
         headers['Accept-Encoding'] = 'identity'
+    headers.pop('Ytdl-socks-proxy', None)
 
 
 def remove_dot_segments(path):

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-3ch3-jhc6-5r8xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-46121ghsaADVISORY
github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092ebghsax_refsource_MISCWEB
github.com/yt-dlp/yt-dlp/releases/tag/2023.11.14ghsax_refsource_MISCWEB
github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8xghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000