What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener codehaveli-bitly-url-shortener allows Cross Site Request Forgery. This issue affects Bitly URL Shortener: from n/a through <= 1.4.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Bitly URL Shortener versions up to 1.4.1 contain a cross-site request forgery vulnerability. An attacker can craft a malicious link that, when visited by a logged-in user, performs unwanted actions on their behalf. The vulnerability requires user interaction—the victim must click the attacker's link. Impact is limited to integrity (data modification), not confidentiality or availability.
What an attacker can do
03 Attacker Capabilities
Perform unwanted actions on a user's account when they click a malicious link while logged in.
Potential impact on your site
04 Site Impact
Users' shortened URL configurations or account settings could be modified without their knowledge if they click malicious links.
Conditions required to exploit
05 Prerequisites
User must be logged in and click an attacker-crafted link; no special privileges required.
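The summary and prerequisites above describe the general shape of a CSRF in a WordPress plugin settings handler. As an added illustration, constructed for this page and not code from the Codehaveli plugin, the snippet below contrasts a handler that trusts any authenticated POST with one that requires both a capability check and a nonce bound to the logged-in user; the option, action and hook names are hypothetical.

```php
<?php
// Constructed example, not the plugin's own code. Option/action names are hypothetical.

// VULNERABLE PATTERN: the only thing this handler checks is that a logged-in
// session cookie arrived with the request, which the browser attaches to any
// form submission, including one served from an attacker-controlled page.
function hypo_save_settings_vulnerable() {
    if ( isset( $_POST['hypo_api_token'] ) ) {
        update_option( 'hypo_api_token', sanitize_text_field( wp_unslash( $_POST['hypo_api_token'] ) ) );
    }
}
add_action( 'admin_post_hypo_save_settings_vuln', 'hypo_save_settings_vulnerable' );

// HARDENED: render the form with a nonce field tied to this action...
function hypo_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_save_settings">
        <?php wp_nonce_field( 'hypo_save_settings', 'hypo_nonce' ); ?>
        <input type="text" name="hypo_api_token"
               value="<?php echo esc_attr( get_option( 'hypo_api_token', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// ...and verify the capability and the nonce before touching any state.
function hypo_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() dies with a 403 when the nonce is missing, expired,
    // or was issued to a different user or action, so a cross-site submission
    // never reaches update_option().
    check_admin_referer( 'hypo_save_settings', 'hypo_nonce' );
    if ( isset( $_POST['hypo_api_token'] ) ) {
        update_option( 'hypo_api_token', sanitize_text_field( wp_unslash( $_POST['hypo_api_token'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo&updated=1' ) );
    exit;
}
add_action( 'admin_post_hypo_save_settings', 'hypo_save_settings_hardened' );
```

When auditing a plugin for this class of bug, the check is mechanical: every handler registered on admin_post_*, admin_ajax or a settings page that calls update_option() or similar must be preceded by a nonce verification and a capability check.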
Key dates
06 Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated