VYPR
Unrated severityNVD Advisory· Published Apr 16, 2024· Updated Aug 1, 2024

Unauthorized Radar Creation in lunary-ai/lunary

CVE-2024-1666

Description

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    = 1.0.0+ 1 more
    • (no CPE)range: = 1.0.0
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.