Alltube

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:alltube_project:alltube:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAlltube Project (46acd210-128a-5ce8-b43e-b9b68a984cc8)
ProductAlltube (d80f9cc7-dd76-58d9-9b39-22c7216383aa)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:docker/rudloff/alltube purl2cpe 2026-06-01 10:12:48.009081
pkg:github/franki-shop/alltube purl2cpe 2026-06-01 10:12:48.009084
pkg:github/rudloff/alltube purl2cpe 2026-06-01 10:12:48.009087
pkg:github/soundbrake/alltube purl2cpe 2026-06-01 10:12:48.009089

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-24739 vulnerable 2026-06-08 05:41:01.497551 Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube
HIGH (7.3)
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.
Published: 2022-03-08T21:40:10.000Z
Updated: 2025-04-23T18:56:39.899Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-0692 vulnerable 2026-06-08 05:39:10.545834 Open Redirect on Rudloff/alltube in rudloff/alltube
MEDIUM (4.7)
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.
Published: 2022-02-21T12:30:12.000Z
Updated: 2024-08-02T23:40:03.547Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.