VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Broken Access Control in lunary-ai/lunary

CVE-2024-7476

Description

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    >=1.2.7, <=1.4.2+ 1 more
    • (no CPE)range: >=1.2.7, <=1.4.2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.