CVE-2024-5126

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-5126

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5126.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-5126

Published

2024-06-06T19:16:04.090Z

Modified

2026-03-14T12:36:26.523926Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in version 1.2.25.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.2.2"
            },
            {
                "fixed": "1.2.25"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5126.json"