9 matches found
EUVD-2024-1902
Malicious code in bioql PyPI...
CVE-2024-5389
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...
GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Withdrawn: This advisory was incorrectly linked the the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...
CVE-2024-5389
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...
CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...
CVE-2024-5389
CVE-2024-5389 affects lunary-ai/lunary 1.2.13. Root cause: insufficient granularity of access control, failing to validate dataset prompt ownership against the organization/project. Result: users can create, update, get, and delete prompt variations for datasets not owned by their org, causing un...
CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...
PT-2024-35968 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.13 Description: The issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result,...
PT-2024-34585 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...