CVE-2024-4148

Exploit

EPSS 0.17%
Veröffentlicht 01.06.2024 16:15:07
Zuletzt bearbeitet 30.01.2025 13:15:10
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lunary ≫ Lunary Version1.2.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.376

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@huntr.dev	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://github.com/lunary-ai/lunary/commit/1e8a3d941ba5cfef2c478dd5bac4e4a4b4d67830

https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-4148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4148

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-4148