Home > Vulnerability Database > CVE-2024-11301

Mend.io Vulnerability Database

CVE-2024-11301

Good to know:

Date: March 20, 2025

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.

Severity Score

6.5

Related Resources (4)

Url: https://huntr.com/bounties/3d99aca5-b135-4833-b48b-7806bc4bf861

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11301

Url: https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd

Url: https://www.mend.io/vulnerability-database/CVE-2024-11301

Severity Score

6.5

Weakness Type (CWE)

Improper Enforcement of a Single, Unique Action

CWE-837

Top Fix

Upgrade Version

Upgrade to version https://github.com/lunary-ai/lunary.git - v1.6.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11301

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?