Home > Vulnerability Database > CVE-2024-1739

Mend.io Vulnerability Database

CVE-2024-1739

Good to know:

Date: April 15, 2024

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1739

Url: https://github.com/lunary-ai/lunary/commit/7351157a21e5acd0162b4528bcae9d65b1c95695

Url: https://huntr.com/bounties/2ca70ba5-b6a4-4873-bd55-bc6cef40d300

Url: https://www.mend.io/vulnerability-database/CVE-2024-1739

Severity Score

7.5

Weakness Type (CWE)

Incorrect Synchronization

CWE-821

Top Fix

Upgrade Version

Upgrade to version v1.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1739

Good to know:

Date: April 15, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?