Vulnerabilities > Lunary
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-5389 | Unspecified vulnerability in Lunary 1.2.13 In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. | 8.1 |
| 2024-06-08 | CVE-2024-4146 | Incorrect Authorization vulnerability in Lunary 1.2.13 In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. | 9.8 |
| 2024-06-06 | CVE-2024-5328 | Server-Side Request Forgery (SSRF) vulnerability in Lunary A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. | 9.3 |
| 2024-06-06 | CVE-2024-5478 | Cross-site Scripting vulnerability in Lunary 1.2.7 A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. | 6.1 |