CVE-2024-5127
CVE-2024-5127 affects lunary-ai/lunary versions 1.2.2–1.2.25 and describes an improper access-control vulnerability in the Team feature. The backend does not validate whether a user has paid for a plan before allowing invites with roles, enabling Free-plan users to invite members and assign roles...