Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Description
Published to the GitHub Advisory Database
Sep 23, 2019
Reviewed
Jun 16, 2020
Last updated
Jan 11, 2023
Type juggling vulnerability in the API
Impact
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass.
Patches
https://github.com/YOURLS/YOURLS/releases/tag/1.7.4
YOURLS/YOURLS#2542
References
For more information
If you have any questions or comments about this advisory:
References