3 matches found
CVE-2024-8998
A Regular Expression Denial of Service ReDoS vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
PT-2025-12257 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git f07a845 lunary-ai/lunary versions prior to 1.4.26 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the server, which uses the regex /.?/ to match user-controlled strings. In the...
CVE-2024-4151
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to...