CVE-2024-8764

{"id": "CVE-2024-8764", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:43.980", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests."}, {"lang": "es", "value": "Una vulnerabilidad en lunary-ai/lunary, a partir del commit be54057, permite a los usuarios cargar y ejecutar expresiones regulares arbitrarias en el servidor. Esto puede provocar una denegaci\u00f3n de servicio (DoS), ya que ciertas expresiones regulares pueden causar un consumo excesivo de recursos, impidiendo que el servidor procese otras solicitudes."}], "lastModified": "2025-07-02T19:50:32.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1867D23D-5A19-4541-8258-E7F901C5F468", "versionEndExcluding": "1.4.23"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}