Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1neDdnLXdqeGctand3as04GQ
Cross-Site Request Forgery in YOURLS
YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery.
Permalink: https://github.com/advisories/GHSA-gx7g-wjxg-jwwjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1neDdnLXdqeGctand3as04GQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 3.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-gx7g-wjxg-jwwj, CVE-2022-0088
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0088
- https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59
- https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29
- https://github.com/YOURLS/YOURLS/issues/3170
- https://github.com/YOURLS/YOURLS/pull/3264
- https://github.com/advisories/GHSA-gx7g-wjxg-jwwj
Blast Radius: 2.4
Affected Packages
packagist:yourls/yourls
Dependent packages: 0Dependent repositories: 5
Downloads: 24,994 total
Affected Version Ranges: <= 1.8.2
No known fixed version
All affected versions: 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.9, 1.8.1, 1.8.2