2024-06-27 18:45:48
@huntr_ai
PUBLISHED
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character (.) in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., attacker123@gmail.com and attacker.123@gmail.com), leading to incorrect synchronization and potential security issues.