VYPR
Unrated severityNVD Advisory· Published Oct 29, 2024· Updated Nov 3, 2024

IDOR Vulnerability in lunary-ai/lunary

CVE-2024-7473

Description

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    >=1.3.2, <1.4.3+ 1 more
    • (no CPE)range: >=1.3.2, <1.4.3
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.