CVE-2024-7476

Publication date

2025-03-20 10:09:59

Family

@huntr_ai

State

PUBLISHED

Description

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any users templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.