Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs

High severity GitHub Reviewed Published Oct 23, 2020 in impredicative/bitlyshortener • Updated Jan 9, 2023

Package

bitlyshortener (pip)

Affected versions

< 0.5.0

Patched versions

0.5.0

Description

Impact

Due to a sudden upstream breaking change by Bitly, versions of bitlyshortener <0.5.0 can generate an invalid short URL when a vanity domain exists.

Patches

Upgrading bitlyshortener to 0.5.0 or newer will prevent the generation of any such invalid short URLs.
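To find where an affected version can still be installed, the added example below (not part of the advisory or of the bitlyshortener project) audits requirements lines and the installed copy against the `< 0.5.0` range stated above. The helper names and the sample requirements text are constructed for illustration, and only plain numeric version specifiers are handled.

```python
import re
from importlib import metadata

PACKAGE = "bitlyshortener"  # package named in the advisory
PATCHED = (0, 5, 0)         # first patched version per the advisory
_SPEC = re.compile(r"(==|>=|<=|~=|!=|>|<)\s*(\d+(?:\.\d+)*)")

def release(text):
    """Leading numeric release as a tuple (pre-release tags are ignored)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def permits_affected(line):
    """True if the line allows bitlyshortener < 0.5.0, False if it forces a
    patched version, None if the line is about something else."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    # Safe only when some clause sets a floor at or above PATCHED.
    for op, ver in _SPEC.findall(m.group(2)):
        if op in ("==", ">=", "~=", ">") and release(ver) >= PATCHED:
            return False
    return True

def audit(text):
    """(line number, line) for each requirement permitting an affected version."""
    return [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if permits_affected(l)]

def installed_affected():
    """True/False for the installed copy, None when it is not installed."""
    try:
        return release(metadata.version(PACKAGE)) < PATCHED
    except metadata.PackageNotFoundError:
        return None

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """requests>=2.0
bitlyshortener==0.4.1   # pinned before the fix
bitlyshortener>=0.3,<1.0
Bitlyshortener >= 0.5.0
bitlyshortener
"""

if __name__ == "__main__":
    for n, l in audit(SAMPLE):
        print(f"line {n}: permits {PACKAGE} < 0.5.0: {l}")
    print("installed copy affected:", installed_affected())
```

An unpinned or upper-bounded-only requirement is reported because a resolver may still select a release below 0.5.0.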

References

Reviewed Oct 27, 2020
Published to the GitHub Advisory Database Oct 27, 2020
Last updated Jan 9, 2023

Severity

High

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-r82c-j4mq-5xfw

Source code

No known source code