2 matches found
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
CVE-2025-4962
CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...