Lucene search
+L

4 matches found

OSV
OSV
added 2024/11/01 12:15 p.m.20 views

CVE-2024-7456

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS8.6AI score0.01359EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/01 12:5 p.m.28 views

CVE-2024-7456 SQL Injection in lunary-ai/lunary

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS0.01359EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/01 12:5 p.m.15 views

CVE-2024-7456 SQL Injection in lunary-ai/lunary

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

9.8CVSS8.6AI score0.01359EPSS
Exploits1References2
CVE
CVE
added 2024/11/01 12:5 p.m.97 views

CVE-2024-7456

The CVE-2024-7456 issue affects lunary-ai/lunary v1.4.2, where the /api/v1/external-users route constructs an ORDER BY clause using sql.unsafe without server-side sanitization, enabling SQL injection. Impact per sources: potential complete data loss/modification/corruption. Public details across ...

9.8CVSS10AI score0.01359EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder