Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak Password Recovery Mechanism in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the backend's handling of the reset password process, where the token, once used, is not discarded or invalidated, enabling its reuse. This vulnerability could lead to unauthorized account access if an attacker obtains the recovery token.
CVSS Information
N/A
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
Lunary 安全漏洞
Vulnerability Description
Lunary是lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.4版本存在安全漏洞,该漏洞源于密码恢复机制中存在重置密码令牌在使用后不会失效的问题,导致攻击者通过破解恢复令牌反复更改受害者帐户的密码。
CVSS Information
N/A
Vulnerability Type
N/A