Lucene search
+L

4 matches found

osv
osv
added 2024/11/01 12:15 p.m.19 views

CVE-2024-7456

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS8.6AI score0.01359EPSS
Exploits1References2
cvelist
cvelist
added 2024/11/01 12:5 p.m.28 views

CVE-2024-7456 SQL Injection in lunary-ai/lunary

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS0.01359EPSS
Exploits1References2
cve
cve
added 2024/11/01 12:5 p.m.95 views

CVE-2024-7456

The CVE-2024-7456 issue affects lunary-ai/lunary v1.4.2, where the /api/v1/external-users route constructs an ORDER BY clause using sql.unsafe without server-side sanitization, enabling SQL injection. Impact per sources: potential complete data loss/modification/corruption. Public details across ...

9.8CVSS10AI score0.01359EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2024/11/01 12:5 p.m.15 views

CVE-2024-7456 SQL Injection in lunary-ai/lunary

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS8.6AI score0.01359EPSS
Exploits1References2
Rows per page
Query Builder