CVE-2024-1739
CRITICAL 9.1
Description
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.
CVE Details
CVSS v3.1 score: 9.1
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/16/2024
Last modified: 6/18/2025
Source: nvd
Honeypot sightings: 0
Affected products
lunary:lunary
Weaknesses (CWE)
CWE-821
References
https://github.com/lunary-ai/lunary/commit/7351157a21e5acd0162b4528bcae9d65b1c95695 (security@huntr.dev)
https://huntr.com/bounties/2ca70ba5-b6a4-4873-bd55-bc6cef40d300 (security@huntr.dev)
https://github.com/lunary-ai/lunary/commit/7351157a21e5acd0162b4528bcae9d65b1c95695 (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/2ca70ba5-b6a4-4873-bd55-bc6cef40d300 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.