CVE-2019-14537
CRITICAL9.8EPSS 14.7%Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Published: 9/23/2019Modified: 11/8/2023
Also known as:GHSA-vf23-f26f-mjj9
Description
## Type juggling vulnerability in the API ### Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. ### Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 ### References * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14537 * https://github.com/Wocanilo/CVE-2019-14537 ### For more information If you have any questions or comments about this advisory: * Open an issue in [YOURLS repository](https://github.com/YOURLS/YOURLS)
Affected packages (1)
- Packagist/yourls/yourlsfrom 0, < 1.7.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORYhttps://github.com/advisories/GHSA-vf23-f26f-mjj9
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-14537
- PATCHhttps://github.com/YOURLS/YOURLS
- WEBhttps://github.com/Wocanilo/CVE-2019-14537
- WEBhttps://github.com/YOURLS/YOURLS/commits/master
- WEBhttps://github.com/YOURLS/YOURLS/pull/2542
- WEBhttps://github.com/YOURLS/YOURLS/releases
- WEBhttps://github.com/YOURLS/YOURLS/security/advisories/GHSA-vf23-f26f-mjj9
- WEBhttps://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling