VYPR

npm package

@lunary/backend

pkg:npm/%40lunary/backend

Vulnerabilities (1)

  • CVE-2024-6862Sep 13, 2024
    affected < 1.4.10fixed 1.4.10

    A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main atta