Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Description
Published to the GitHub Advisory Database
Sep 23, 2019
Reviewed
Jun 16, 2020
Last updated
Jun 8, 2026
Impact
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass.
Patches
https://github.com/YOURLS/YOURLS/releases/tag/1.7.4
YOURLS/YOURLS#2542
References
For more information
If you have any questions or comments about this advisory:
References