Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /{{(.*?)}}/g, causing the server to hang indefinitely and become unresponsive to any requests. This is due to the regular expression's susceptibility to second-degree polynomial time complexity, which can be triggered by a large number of braces in the input.

INFO

Published Date :

2025-03-20T10:08:56.871Z

Last Modified :

2025-03-20T19:00:27.499Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8763 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8763.

URL Resource
https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa cve-icon cve-icon
https://huntr.com/bounties/4fb63a6e-0056-4550-a34d-e161de1c13b8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact