926 matches found

Vulnrichment
added 2024/06/06 6:8 p.m. · 17 views

CVE-2024-5128 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue ste...

CVSS 9.4 · AI score 6.7 · EPSS 0.00193
Exploits 1 · References 2

CVE
added 2024/06/06 6:8 p.m. · 57 views

CVE-2024-5128

CVE-2024-5128 affects lunary-ai/lunary up to version 1.2.2, with an IDOR in dataset management endpoints that lets unauthorized users view, update, or delete any dataset_prompt or dataset_prompt_variation. Root cause: insufficient access control checks via direct object IDs. Impact is information...

CVSS 9.4 · AI score 9 · EPSS 0.00193
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/06/06 6:8 p.m. · 14 views

CVE-2024-5128 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue ste...

CVSS 9.4 · EPSS 0.00193
Exploits 1 · References 2

Positive Technologies
added 2024/06/06 12:0 a.m. · 1 views

PT-2024-34590 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Incorrect Authorization issue exists, allowing unauthenticated users to delete any dataset due to the lack of proper authorization checks in the dataset deletion endpoint. Th...

CVSS 7.5 · AI score 7.8 · EPSS 0.00299
Exploits 1 · References 6

Positive Technologies
added 2024/06/06 12:0 a.m. · 2 views

PT-2024-34585 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference (IDOR) vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...

CVSS 9.4 · AI score 9.3 · EPSS 0.00193
Exploits 1 · References 8

CNNVD
added 2024/06/06 12:0 a.m. · 1 views

Lunary security vulnerability

lunary is an open source production toolkit for LLM. An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...

CVSS 8.2 · AI score 7 · EPSS 0.00138
Exploits 1 · References 3

Positive Technologies
added 2024/06/06 12:0 a.m. · 1 views

PT-2024-34586 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.2 Description: A Privilege Escalation issue exists due to missing authorization checks, allowing any user to delete datasets. The issue is present in the dataset deletion functionality, where the application fails...

CVSS 8.2 · AI score 8.2 · EPSS 0.00138
Exploits 1 · References 7

CNNVD
added 2024/06/06 12:0 a.m. · 1 views

Lunary security vulnerability

Lunary is an open source production toolkit for LLM. Lunary has an authorization issue vulnerability that stems from the lack of proper authorization checks in the dataset deletion endpoint, which can be exploited by an attacker to delete any dataset...

CVSS 7.5 · AI score 6.8 · EPSS 0.00299
Exploits 1 · References 3

OSV
added 2024/06/04 12:31 p.m. · 6 views

GHSA-CG49-HRJ4-3RPR ydata unsafe deserialization

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...

CVSS 7.8 · AI score 7.7 · EPSS 0.00143
Exploits 0 · References 3

Vulnrichment
added 2024/06/04 12:3 p.m. · 8 views

CVE-2024-37064

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded...

CVSS 7.8 · AI score 7.3 · EPSS 0.00143
Exploits 0 · References 1

CNVD
added 2024/05/30 12:0 a.m. · 1 views

lunary authorization issue vulnerability (CNVD-2025-12114)

lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...

CVSS 9.1 · AI score 9.3 · EPSS 0.00168
Exploits 1 · References 1

NVD
added 2024/05/20 9:15 a.m. · 8 views

CVE-2024-3761

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...

CVSS 9.1 · AI score 9.2 · EPSS 0.00168
Exploits 1 · References 2

CVE
added 2024/05/20 8:38 a.m. · 92 views

CVE-2024-3761

In lunary-ai/lunary, version 1.2.2 contains an unauthorized deletion vulnerability on the DELETE endpoint at packages/backend/src/api/v1/datasets due to missing authorization/authentication. This allows any user (no token required) to delete a dataset, potentially causing data loss or service dis...

CVSS 9.1 · AI score 6.8 · EPSS 0.00168
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/05/20 8:38 a.m. · 13 views

CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...

CVSS 9.1 · AI score 9.3 · EPSS 0.00168
Exploits 1 · References 2

CNNVD
added 2024/05/20 12:0 a.m. · 1 views

Lunary security vulnerability

lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...

CVSS 9.1 · AI score 7 · EPSS 0.00168
Exploits 1 · References 3

Positive Technologies
added 2024/05/20 12:0 a.m. · 1 views

PT-2024-27674 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.7 Description: The issue is related to the DELETE endpoint located at packages/backend/src/api/v1/datasets, which is vulnerable to unauthorized dataset deletion due to missing authorization and...

CVSS 9.1 · AI score 9.3 · EPSS 0.00168
Exploits 1 · References 6

OSV
added 2024/05/03 8:30 p.m. · 11 views

GHSA-HFRV-H3Q8-9JPR kurwov vulnerable to Denial of Service due to improper data sanitization

Summary: An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...

CVSS 6.2 · AI score 6.1 · EPSS 0.00009
Exploits 0 · References 5

GitHub Security Blog
added 2024/05/03 8:30 p.m. · 22 views

kurwov vulnerable to Denial of Service due to improper data sanitization

Summary: An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...

CVSS 6.2 · AI score 7 · EPSS 0.00009
Exploits 0 · References 5 · Affected Software 1

NVD
added 2024/05/03 6:15 p.m. · 8 views

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2 · AI score 6.3 · EPSS 0.00009
Exploits 0 · References 3

OSV
added 2024/05/03 5:51 p.m. · 25 views

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2 · AI score 6.3 · EPSS 0.00009
Exploits 0 · References 5