Vulnerability Description
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for '[email protected]' and '[email protected]' can both be created, leading to potential impersonation and confusion among users.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lunary | Lunary | < 1.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/lunary-ai/lunary/commit/7351157a21e5acd0162b4528bcae9d65b1c95Patch
- https://huntr.com/bounties/2ca70ba5-b6a4-4873-bd55-bc6cef40d300ExploitThird Party Advisory
- https://github.com/lunary-ai/lunary/commit/7351157a21e5acd0162b4528bcae9d65b1c95Patch
- https://huntr.com/bounties/2ca70ba5-b6a4-4873-bd55-bc6cef40d300ExploitThird Party Advisory
FAQ
What is CVE-2024-1739?
CVE-2024-1739 is a vulnerability with a CVSS score of 9.1 (CRITICAL). lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insen...
How severe is CVE-2024-1739?
CVE-2024-1739 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-1739?
Check the references section above for vendor advisories and patch information. Affected products include: Lunary Lunary.