Home > Vulnerability Database > CVE-2024-4148

Mend.io Vulnerability Database

CVE-2024-4148

Date: June 1, 2024

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

Language: Python

Severity Score

7.5

Related Resources (3)

Url: https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-4148

Url: https://www.mend.io/vulnerability-database/CVE-2024-4148

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-4148

Date: June 1, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?