CVE-2024-9000
In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...