Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

INFO

Published Date :

2024-06-01T15:54:36.486Z

Last Modified :

2025-01-30T13:09:21.705Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4148 vulnerability.

Vendors Products
Lunary
  • Lunary
Lunary-ai
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4148.

URL Resource
https://github.com/lunary-ai/lunary/commit/1e8a3d941ba5cfef2c478dd5bac4e4a4b4d67830 cve-icon cve-icon
https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact