Description

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.

INFO

Published Date :

2025-03-20T10:09:59.839Z

Last Modified :

2025-10-15T12:49:51.255Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7476 vulnerability.

Vendors Products
Lunary
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7476.

URL Resource
https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5 cve-icon cve-icon
https://huntr.com/bounties/183761f7-d411-4332-af86-2ccfbcc5bd9f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact