Skip to content

Type juggling vulnerability in the API

ozh published GHSA-vf23-f26f-mjj9 Sep 22, 2019
@ozh

ozh published Sep 22, 2019

moderate severity
CVE-2019-14537 More information
Affected versions: =<1.7.3
Patched versions: 1.7.4

Impact

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass.

Patches

https://github.com/YOURLS/YOURLS/releases/tag/1.7.4
#2542

References

For more information

If you have any questions or comments about this advisory:

You can’t perform that action at this time.