CVE-2024-5128 | lunary-ai lunary up to 1.2.24 Object Reference dataset_prompt access control

Posted by Angelo Barbosa | Jun 6, 2024 | CVE

A vulnerability was found in lunary-ai lunary up to 1.2.24 and classified as critical. Affected by this issue is the function dataset_prompt of the component Object Reference Handler. The manipulation leads to improper access controls.

This vulnerability is handled as CVE-2024-5128. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5128 | lunary-ai lunary up to 1.2.24 Object Reference dataset_prompt access control

Related Posts

CVE-2024-42051 | Splashtop Streamer up to 3.6.1.x on Windows temp file

CVE-2024-0720 | FactoMineR FactoInvestigate up to 1.9 HTML Report Generator cross site scripting

CVE-2024-46946 | langchain_experimental up to 0.3.0 sympy.sympify Privilege Escalation

CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Containers Remote Code Execution