CVE-2019-14537
CRITICAL9.8EPSS 14.7%Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
發布日:2019/9/23修改日:2023/11/8
描述
## Type juggling vulnerability in the API ### Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. ### Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 ### References * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14537 * https://github.com/Wocanilo/CVE-2019-14537 ### For more information If you have any questions or comments about this advisory: * Open an issue in [YOURLS repository](https://github.com/YOURLS/YOURLS)
受影響套件(1)
- Packagist/yourls/yourlsfrom 0, < 1.7.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(9)
- ADVISORYhttps://github.com/advisories/GHSA-vf23-f26f-mjj9
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-14537
- PATCHhttps://github.com/YOURLS/YOURLS
- WEBhttps://github.com/Wocanilo/CVE-2019-14537
- WEBhttps://github.com/YOURLS/YOURLS/commits/master
- WEBhttps://github.com/YOURLS/YOURLS/pull/2542
- WEBhttps://github.com/YOURLS/YOURLS/releases
- WEBhttps://github.com/YOURLS/YOURLS/security/advisories/GHSA-vf23-f26f-mjj9
- WEBhttps://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling