Description
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Type juggling vulnerability in the API
Impact
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass.
Patches
- https://github.com/YOURLS/YOURLS/releases/tag/1.7.4
- https://github.com/YOURLS/YOURLS/pull/2542
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14537
- https://github.com/Wocanilo/CVE-2019-14537
For more information
If you have any questions or comments about this advisory:
- Open an issue in the YOURLS repository
Links
- https://github.com/YOURLS/YOURLS/security/advisories/GHSA-vf23-f26f-mjj9
- https://nvd.nist.gov/vuln/detail/CVE-2019-14537
- https://github.com/YOURLS/YOURLS/pull/2542
- https://github.com/Wocanilo/CVE-2019-14537
- https://github.com/YOURLS/YOURLS/commits/master
- https://github.com/YOURLS/YOURLS/releases
- https://github.com/advisories/GHSA-vf23-f26f-mjj9
- https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling
Packages
Name: yourls/yourls (composer)
Affected versions: < 1.7.4
Fixed version: 1.7.4
Related vulnerabilities
CVSS3: 9.8
nvd
more than 6 years ago
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.