VYPR
Unrated severityNVD Advisory· Published Jun 6, 2024· Updated Nov 3, 2024

Improper Access Control in lunary-ai/lunary

CVE-2024-5131

Description

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    <=1.2.2+ 1 more
    • (no CPE)range: <=1.2.2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.