Description

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time.

INFO

Published Date :

2025-03-20T10:10:28.174Z

Last Modified :

2025-10-15T12:50:42.963Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8789 vulnerability.

Vendors Products
Lunary
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8789.

URL Resource
https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa cve-icon cve-icon
https://huntr.com/bounties/e32f5f0d-bd46-4268-b6b1-619e07c6fda3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact