{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8764", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-09-12T20:16:04.930Z", "datePublished": "2025-03-20T10:09:36.827Z", "dateUpdated": "2025-03-20T18:36:53.288Z"}, "containers": {"cna": {"title": "Improper Authorization in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:36.827Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.4.23", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d"}, {"url": "https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-285 Improper Authorization", "cweId": "CWE-285"}]}], "source": {"advisory": "088c04a1-d23a-47f2-9d7c-b84d7332868d", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:53:28.801577Z", "id": "CVE-2024-8764", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:36:53.288Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8764", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:53:28.801577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:53:30.618Z"}}], "cna": {"title": "Improper Authorization in lunary-ai/lunary", "source": {"advisory": "088c04a1-d23a-47f2-9d7c-b84d7332868d", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.4.23", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d"}, {"url": "https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa"}], "descriptions": [{"lang": "en", "value": "A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:36.827Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8764", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:36:53.288Z", "dateReserved": "2024-09-12T20:16:04.930Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:36.827Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "1867D23D-5A19-4541-8258-E7F901C5F468", "versionEndExcluding": "1.4.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from processing other requests."}, {"lang": "es", "value": "Una vulnerabilidad en lunary-ai/lunary, a partir del commit be54057, permite a los usuarios cargar y ejecutar expresiones regulares arbitrarias en el servidor. Esto puede provocar una denegaci\u00f3n de servicio (DoS), ya que ciertas expresiones regulares pueden causar un consumo excesivo de recursos, impidiendo que el servidor procese otras solicitudes."}], "id": "CVE-2024-8764", "lastModified": "2025-07-02T19:50:32.273", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-03-20T10:15:43.980", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/088c04a1-d23a-47f2-9d7c-b84d7332868d"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "[email protected]", "type": "Primary"}]}

{}