CVE-2024-7476: CWE-639 Authorization Bypass Through User-Controlled Key in lunary-ai lunary-ai/lunary
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
CVE-2024-7476: CWE-639 Authorization Bypass Through User-Controlled Key in lunary-ai lunary-ai/lunary
Description
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- @huntr_ai
- Date Reserved
- 2024-08-04T14:24:46.424Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 68ef9b2b178f764e1f470d93
Added to database: 10/15/2025, 1:01:31 PM
Last updated: 10/15/2025, 1:01:33 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-8060: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in open-webui open-webui/open-webui
HighCVE-2024-8057: CWE-306 Missing Authentication for Critical Function in danswer-ai danswer-ai/danswer
MediumCVE-2024-8055: CWE-89 Improper Neutralization of Special Elements used in an SQL Command in vanna-ai vanna-ai/vanna
HighCVE-2024-8028: CWE-770 Allocation of Resources Without Limits or Throttling in danswer-ai danswer-ai/danswer
HighCVE-2024-8020: CWE-248 Uncaught Exception in lightning-ai lightning-ai/pytorch-lightning
HighActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.