Vulnerabilities > CVE-2019-14537 - Type Confusion vulnerability in Yourls
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 14 |
Common Weakness Enumeration (CWE)
References
- https://github.com/Wocanilo/CVE-2019-14537
- https://github.com/Wocanilo/CVE-2019-14537
- https://github.com/YOURLS/YOURLS/commits/master
- https://github.com/YOURLS/YOURLS/commits/master
- https://github.com/YOURLS/YOURLS/pull/2542
- https://github.com/YOURLS/YOURLS/pull/2542
- https://github.com/YOURLS/YOURLS/releases
- https://github.com/YOURLS/YOURLS/releases
- https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling
- https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling