CVE-2024-5755

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@gmail.com' and 'attacker.123@gmail.com'), leading to incorrect synchronization and potential security issues.
References
Link Resource
https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

History

19 Sep 2024, 15:49

Type Values Removed Values Added
First Time Lunary
Lunary lunary
CPE cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
References () https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f - () https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f - Exploit, Third Party Advisory
CWE NVD-CWE-Other
Summary
  • (es) En las versiones lunary-ai/lunary &lt;=v1.2.11, un atacante puede eludir la validación del correo electrónico utilizando un carácter de punto ('.') en la dirección de correo electrónico. Esto permite la creación de varias cuentas con esencialmente la misma dirección de correo electrónico (por ejemplo, 'attacker123@gmail.com' y 'attacker.123@gmail.com'), lo que genera una sincronización incorrecta y posibles problemas de seguridad.

27 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 19:15

Updated : 2024-09-19 15:49


NVD link : CVE-2024-5755

Mitre link : CVE-2024-5755

CVE.ORG link : CVE-2024-5755


JSON object : View

Products Affected

lunary

  • lunary
CWE
NVD-CWE-Other CWE-821

Incorrect Synchronization