CVE-2024-5755

EUVD-2024-46907
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@gmail.com' and 'attacker.123@gmail.com'), leading to incorrect synchronization and potential security issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
lunarylunary
𝑥
≤ 1.2.11
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lunary-ailunary-ai\/lunary
𝑥
≤ 1.2.11
ADP
Common Weakness Enumeration
References
https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f
https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f