漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
Vulnerability Description
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.
CVSS Information
N/A
Vulnerability Type
不正确的同步机制
Vulnerability Title
lunary 安全漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 lunary 存在安全漏洞,该漏洞源于在注册过程中电子邮件地址验证不当,容易出现身份验证问题,攻击者利用该漏洞可以通过改变电子邮件字符的大小写来创建具有相同电子邮件地址的多个帐户。
CVSS Information
N/A
Vulnerability Type
N/A