Vulnerability Description
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lunary | Lunary | < 1.4.23 |
Related Weaknesses (CWE)
References
- https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d49Patch
- https://huntr.com/bounties/e32f5f0d-bd46-4268-b6b1-619e07c6fda3ExploitThird Party Advisory
FAQ
What is CVE-2024-8789?
CVE-2024-8789 is a vulnerability with a CVSS score of 7.5 (HIGH). Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then execut...
How severe is CVE-2024-8789?
CVE-2024-8789 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8789?
Check the references section above for vendor advisories and patch information. Affected products include: Lunary Lunary.