icon

We found results for “

CVE-2024-11301

Good to know:

icon

Date: March 20, 2025

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Enforcement of a Single, Unique Action

CWE-837

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/lunary-ai/lunary.git - v1.6.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us