A vulnerability classified as critical has been found in lunary-ai lunary up to 1.4.2. This affects an unknown part of the file /api/v1/external-users. The manipulation of the argument orderByClause leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-7456. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.