2 matches found
CVE-2024-5328
A Server-Side Request Forgery SSRF vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An...
CVE-2024-5328
CVE-2024-5328 affects lunary-ai/lunary. The issue is a SSRF in the /auth/saml/tto/download-idp-xml endpoint where user-supplied URLs are not validated before being used in server-side requests. Consequences described include disclosure of sensitive information, potential service disruption, and t...