Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

Related CPE's

a

lunary

lunary

1.2.10

Vulnerable

References

https://github.com/lunary-ai/lunary/commit/1e8a3d941ba5cfef2c478dd5bac4e4a4b4d67830

https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31

ExploitThird Party Advisory

https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-1333

[email protected]

Secondary
CWE-1333

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-06-01T14:15:07.563Z

1 year ago

Last modified

2025-01-30T12:15:10.093Z

1 year ago