What is GHSA-vf23-f26f-mjj9?

GHSA-vf23-f26f-mjj9 is a security advisory published by GitHub Security Advisories with Critical severity. Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls

Which CVE IDs does GHSA-vf23-f26f-mjj9 cover?

GHSA-vf23-f26f-mjj9 covers the following CVE IDs: CVE-2019-14537. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vf23-f26f-mjj9?

GHSA-vf23-f26f-mjj9 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

Which products are affected by GHSA-vf23-f26f-mjj9?

GHSA-vf23-f26f-mjj9 affects 1 product, including: composer/yourls/yourls:\u003c 1.7.4.

GHSA-vf23-f26f-mjj9CriticalCVSS 9.8

Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls

Vendor

GitHub Security Advisories

Published

September 23, 2019

Last Modified

June 8, 2026

🔗 CVE IDs covered (1)

CVE-2019-14537 →

📋 Description

Impact

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass.

Patches

https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14537
https://github.com/Wocanilo/CVE-2019-14537

For more information

If you have any questions or comments about this advisory:

Open an issue in YOURLS repository

🎯 Affected products1

composer/yourls/yourls:< 1.7.4

🔗 References (8)

https://github.com/YOURLS/YOURLS/security/advisories/GHSA-vf23-f26f-mjj9
https://nvd.nist.gov/vuln/detail/CVE-2019-14537
https://github.com/YOURLS/YOURLS/pull/2542
https://github.com/Wocanilo/CVE-2019-14537
https://github.com/YOURLS/YOURLS/commits/master
https://github.com/YOURLS/YOURLS/releases
https://github.com/advisories/GHSA-vf23-f26f-mjj9
https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling