CVE-2024-5755
MEDIUMDescription
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to incorrect synchronization and potential security issues.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lunary | lunary |
References
Frequently Asked Questions
What is CVE-2024-5755? +
How severe is CVE-2024-5755? +
What products are affected by CVE-2024-5755? +
How do I check if I'm vulnerable to CVE-2024-5755? +
Related Vulnerabilities
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the …
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. …
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices …
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from …
In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform …
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a …