CVE-2024-5478

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-5478

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5478.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-5478

Published

2024-06-06T19:16:08Z

Modified

2025-01-14T12:17:33.285753Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, where the orgId parameter is directly embedded into the XML structure without proper sanitization or validation. This flaw allows an attacker to inject arbitrary JavaScript code into the generated SAML metadata page, leading to potential theft of user cookies or authentication tokens.

References

https://huntr.com/bounties/e899f496-d493-4c06-b596-cb0a88ad451b

Affected packages

Git / github.com/lunary-ai/lunary

Affected ranges

Type: GIT
Repo: https://github.com/lunary-ai/lunary
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c57cd50fa0477fd2a2efe60810c0099eebd66f54

Affected versions

1.*

1.2.4

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.5

v1.2.6

v1.2.7