exploitDog

CVE-2019-14537

Опубликовано: 07 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

Ссылки

https://github.com/Wocanilo/CVE-2019-14537
Exploit
Third Party Advisory
https://github.com/YOURLS/YOURLS/commits/master
Patch
Third Party Advisory
https://github.com/YOURLS/YOURLS/pull/2542
Patch
Third Party Advisory
https://github.com/YOURLS/YOURLS/releases
Release Notes
Third Party Advisory
https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling
Exploit
Third Party Advisory
https://github.com/Wocanilo/CVE-2019-14537
Exploit
Third Party Advisory
https://github.com/YOURLS/YOURLS/commits/master
Patch
Third Party Advisory
https://github.com/YOURLS/YOURLS/pull/2542
Patch
Third Party Advisory
https://github.com/YOURLS/YOURLS/releases
Release Notes
Third Party Advisory
https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yourls:yourls:*:*:*:*:*:*:*:*

Версия до 1.7.3 (включая)

EPSS

Процентиль: 94%

0.14963

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843

Связанные уязвимости

GHSA-vf23-f26f-mjj9

CVSS3: 9.8

github

больше 6 лет назад

Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls

EPSS

Процентиль: 94%

0.14963

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-843

Уязвимость CVE-2019-14537