CVE-2024-5133 | lunary-ai lunary up to 1.2.4 API Response /v1/users/me/org recovery_token information disclosure

Inserito da Angelo Barbosa | Giu 6, 2024 | CVE

A vulnerability classified as critical has been found in lunary-ai lunary up to 1.2.4. This affects an unknown part of the file /v1/users/me/org of the component API Response Handler. The manipulation of the argument recovery_token leads to information disclosure.

This vulnerability is uniquely identified as CVE-2024-5133. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-5133 | lunary-ai lunary up to 1.2.4 API Response /v1/users/me/org recovery_token information disclosure

Post correlati

CVE-2023-35916 | Automattic WooPayments Plugin up to 5.9.0 on WordPress authorization

CVE-2024-22300 | Icegram Email Subscribers & Newsletters Plugin up to 5.7.11 on WordPress cross site scripting

CVE-2024-20764 | Adobe Animate 2023/Animate 2024 out-of-bounds (APSB24-19)

CVE-2024-43208 | Send Emails with Mandrill Plugin up to 1.3.1 on WordPress authorization