Business Logic Error Allows Bypass of Subscription Model Limits in Lunary Version 1.2.2
CVE-2024-5132

9.1CRITICAL

Key Information:

Vendor: Lunary-ai
Status: Lunary-ai/lunary
Vendor: CVE Published:; 6 June 2024

What is CVE-2024-5132?

This vulnerability was marked as rejected by its CVE Numbering Authority, suggesting it does not meet the criteria for a valid CVE entry. Users and administrators of the affected product should remain vigilant regarding security updates, as similar vulnerabilities may arise or be disclosed in the future. Maintaining robust security practices is essential to protect systems against potential threats.

Affected Version(s)

lunary-ai/lunary <= unspecified

References

https://huntr.com/bounties/1a2d462f-ce25-410c-80f1-10546f...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
May 19, 2024

Lunary-ai

What is CVE-2024-5132?

Affected Version(s)

References

CVSS V3.1

Timeline