This repository has been archived by the owner on Dec 17, 2022. It is now read-only.

Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs

High
impredicative published GHSA-r82c-j4mq-5xfw Oct 23, 2020

Package

bitlyshortener (pip)

Affected versions

<0.5.0

Patched versions

0.5.0

Description

Impact

Due to a sudden upstream breaking change by Bitly, versions of bitlyshortener <0.5.0 can generate an invalid short URL when a vanity domain exists.

Patches

Upgrading bitlyshortener to 0.5.0 or newer will prevent the generation of any such invalid short URLs.
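To find projects that can still resolve to an affected release, the following added example (not part of the advisory or of bitlyshortener itself) audits requirements-style lines and flags any bitlyshortener entry without a lower bound of at least 0.5.0. The sample lines and function names are constructed for illustration, and only plain numeric versions are handled.

```python
import re

PACKAGE = "bitlyshortener"
PATCHED = (0, 5, 0)  # first patched release, per the advisory

# Constructed sample input; not taken from any real project.
SAMPLE = [
    "requests>=2.0",
    "bitlyshortener",
    "bitlyshortener==0.4.2  # constructed pin",
    "bitlyshortener>=0.3,<1.0",
    "BitlyShortener >= 0.5.0",
    "bitlyshortener~=0.5.1; python_version >= '3.7'",
]

def parse_version(text):
    """Turn '0.5' into (0, 5, 0); only plain numeric releases are handled."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def allows_affected(requirement):
    """True/False for a bitlyshortener requirement line, None for any other line."""
    # Drop trailing comments and environment markers before parsing.
    line = requirement.split("#", 1)[0].split(";", 1)[0].strip()
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$", line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return None
    for clause in filter(None, (c.strip() for c in m.group(3).split(","))):
        spec = re.match(r"^(==|>=|~=|>)\s*(\d+(?:\.\d+)*)(?:\.\*)?$", clause)
        # An exact pin or lower bound at or above 0.5.0 excludes every affected release.
        if spec and parse_version(spec.group(2)) >= PATCHED:
            return False
    return True  # unpinned, or nothing keeps the resolver at >= 0.5.0

def audit(lines):
    """Return the requirement lines that can still resolve to a version < 0.5.0."""
    return [ln.strip() for ln in lines if allows_affected(ln)]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("allows affected bitlyshortener:", hit)
```

The check is deliberately conservative: a clause such as `>0.4.9` is flagged because it does not guarantee 0.5.0 or newer.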

References

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs