
We found results for “”
CVE-2024-7476
Good to know:

Date: March 20, 2025
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
Severity Score
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |