Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary
Vulnerability Description
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.
CVSS Information
N/A
Vulnerability Type
不正确的同步机制
Vulnerability Title
lunary 安全漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 lunary 存在安全漏洞,该漏洞源于在注册过程中电子邮件地址验证不当,容易出现身份验证问题,攻击者利用该漏洞可以通过改变电子邮件字符的大小写来创建具有相同电子邮件地址的多个帐户。
CVSS Information
N/A
Vulnerability Type
N/A