VYPR
Unrated severityNVD Advisory· Published Oct 29, 2024· Updated Jan 9, 2025

IDOR in lunary-ai/lunary

CVE-2024-7474

Description

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    = 1.3.2+ 1 more
    • (no CPE)range: = 1.3.2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.