CVE-2024-11301

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11301

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11301.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-11301

Published

2025-03-20T10:15:24Z

Modified

2025-10-21T02:35:12Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.

References

Affected packages

Git / github.com/lunary-ai/lunary

Affected ranges

Type: GIT
Repo: https://github.com/lunary-ai/lunary
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

79dc370596d979b756f6ea0250d97a2d02385ecd