{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:04:45.473","vulnerabilities":[{"cve":{"id":"CVE-2024-39899","sourceIdentifier":"security-advisories@github.com","published":"2024-07-09T19:15:13.160","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4."},{"lang":"es","value":"PrivateBin es un pastbin en línea donde el servidor no tiene conocimiento de los datos pegados. En v1.5, PrivateBin introdujo el proxy del lado del servidor YOURLS. La idea era permitir el uso del acortador de URL de YOURLs sin ejecutar la instancia de YOURLs sin autenticación y/o exponer el token de autenticación al público, permitiendo a cualquiera acortar cualquier URL. Con el mecanismo de proxy, cualquiera puede acortar cualquier URL que apunte a la instancia de PrivateBin configurada. La vulnerabilidad permitió acortar otras URL, siempre que contengan la instancia PrivateBin, anulando el límite impuesto por el proxy. Esta vulnerabilidad se solucionó en 1.7.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"},{"lang":"en","value":"CWE-791"}]}],"references":[{"url":"https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4","source":"security-advisories@github.com"},{"url":"https://github.com/PrivateBin/PrivateBin/pull/1370","source":"security-advisories@github.com"},{"url":"https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j","source":"security-advisories@github.com"},{"url":"https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/PrivateBin/PrivateBin/pull/1370","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}