4 matches found
CVE-2024-4154
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...
CVE-2024-44070
An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...
CVE-2024-4154 Incorrect Synchronization in lunary-ai/lunary
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the...
CVE-2024-4154
CVE-2024-4154 affects lunary-ai/lunary, version 1.2.2. The vulnerability is described as an incorrect synchronization flaw that lets unprivileged users rename projects they are not authorized to access by sending a PATCH to the project endpoint with a new name. This can lead to unauthorized modif...