{"id":"GHSA-gx7g-wjxg-jwwj","summary":"Cross-Site Request Forgery in YOURLS","details":"YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery.","aliases":["CVE-2022-0088"],"modified":"2026-02-21T07:05:56.756830Z","published":"2022-04-04T00:00:55Z","database_specific":{"github_reviewed_at":"2022-04-05T18:02:00Z","nvd_published_at":"2022-04-03T09:15:00Z","severity":"LOW","cwe_ids":["CWE-352"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0088"},{"type":"WEB","url":"https://github.com/YOURLS/YOURLS/issues/3170"},{"type":"WEB","url":"https://github.com/YOURLS/YOURLS/pull/3264"},{"type":"WEB","url":"https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"},{"type":"WEB","url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"},{"type":"PACKAGE","url":"https://github.com/yourls/yourls"},{"type":"WEB","url":"https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"}],"affected":[{"package":{"name":"yourls/yourls","ecosystem":"Packagist","purl":"pkg:composer/yourls/yourls"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.8.2"}]}],"versions":["1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.9","1.8","1.8.1","1.8.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}]}