In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@gmail.com' and 'attacker.123@gmail.com'), leading to incorrect synchronization and potential security issues.
References
Link | Resource |
---|---|
https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f | Exploit Third Party Advisory |
https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 09:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f - Exploit, Third Party Advisory |
19 Sep 2024, 15:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Lunary
Lunary lunary |
|
CPE | cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:* | |
References | () https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f - Exploit, Third Party Advisory | |
CWE | NVD-CWE-Other | |
Summary |
|
27 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-27 19:15
Updated : 2024-11-21 09:48
NVD link : CVE-2024-5755
Mitre link : CVE-2024-5755
CVE.ORG link : CVE-2024-5755
JSON object : View
Products Affected
lunary
- lunary
CWE