EUVD-2024-17401

Malicious code in bioql PyPI...

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

CVE-2024-1666

CVE-2024-1666 affects lunary-ai/lunary 1.0.0, where an authorization flaw allows unauthorized radar creation. The root cause is missing server-side checks to verify a user’s paid/upgraded status during radar creation (enforced only in the web UI). Attackers can bypass account upgrade requirements...

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

PT-2024-18211 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.0.0 Description: The issue is related to an authorization flaw that allows unauthorized radar creation. This flaw stems from the lack of server-side checks to verify if a user is on a free account during the radar...