Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Enforcement of Unique Constraint in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.
CVSS Information
N/A
Vulnerability Type
CWE-837
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.6.3之前版本存在安全漏洞,该漏洞源于未强制实施唯一约束,可能导致数据完整性问题。
CVSS Information
N/A
Vulnerability Type
N/A