CVE-2024-8764

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

History

02 Jul 2025, 19:50

Type Values Removed Values Added
CPE cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
First Time Lunary
Lunary lunary
References () https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa - () https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa - Patch
References () https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d - () https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d - Exploit, Third Party Advisory
Summary
  • (es) Una vulnerabilidad en lunary-ai/lunary, a partir del commit be54057, permite a los usuarios cargar y ejecutar expresiones regulares arbitrarias en el servidor. Esto puede provocar una denegación de servicio (DoS), ya que ciertas expresiones regulares pueden causar un consumo excesivo de recursos, impidiendo que el servidor procese otras solicitudes.

20 Mar 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-07-02 19:50


NVD link : CVE-2024-8764

Mitre link : CVE-2024-8764

CVE.ORG link : CVE-2024-8764


JSON object : View

Products Affected

lunary

  • lunary
CWE
CWE-285

Improper Authorization