CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472

CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...