VYPR
Unrated severityNVD Advisory· Published May 20, 2024· Updated Jan 31, 2025

Improper Access Control in lunary-ai/lunary

CVE-2024-4151

Description

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    = 1.2.2+ 1 more
    • (no CPE)range: = 1.2.2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.