2 matches found
Mass Assignment
Flowise is vulnerable to Mass Assignment. The vulnerability is due to insufficient validation and authorization checks in the evaluator create and update operations, where authenticated users can modify server-controlled properties to take over evaluators across workspaces...
CVE-2024-11301 Improper Enforcement of Unique Constraint in lunary-ai/lunary
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator...