Vulnerability Information
Vulnerability Title
IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
Vulnerability Description
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the `POST /v1/templates` endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the `projectId` query parameter. The root cause of this issue is the absence of server-side validation to ensure that the authenticated user owns the specified `projectId`. The vulnerability has been addressed in version 1.9.23.
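The missing ownership check described above, as an added illustration that is not Lunary's code: a handler that trusts `projectId` from the query string, next to one that verifies the session user's membership before writing. The in-memory `memberships` map, the function names and the status codes are assumptions made for this example.

```javascript
// Constructed sample data (hypothetical ids): project -> set of member user ids.
const memberships = new Map([
  ["proj-alice", new Set(["alice"])],
  ["proj-bob", new Set(["bob"])],
]);
const templates = []; // stand-in for the templates table

function templatesIn(projectId) {
  return templates.filter((t) => t.projectId === projectId);
}

// Vulnerable pattern: the target project is taken from the request as-is,
// so any authenticated user can write into any project.
function createTemplateUnchecked(session, query, body) {
  const template = { projectId: query.projectId, ownerId: session.userId, slug: body.slug };
  templates.push(template);
  return { status: 200, template };
}

// Hardened pattern: authorize the requested projectId against the session
// before any write, and fail closed on malformed or unknown ids.
function createTemplateChecked(session, query, body) {
  const projectId = query.projectId;
  // A repeated query parameter may be parsed as an array; accept one string only.
  if (typeof projectId !== "string" || projectId.length === 0) {
    return { status: 400, error: "projectId required" };
  }
  const members = memberships.get(projectId);
  // Same answer for "no such project" and "not a member", so existence is not leaked.
  if (!members || !members.has(session.userId)) {
    return { status: 403, error: "forbidden" };
  }
  const template = { projectId, ownerId: session.userId, slug: body.slug };
  templates.push(template);
  return { status: 201, template };
}
```

A regression test for this class of bug sends the request as one user with another user's `projectId` and asserts both the 403 and that no row was written.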
CVSS Information
N/A
Vulnerability Type
Improper Access Control
Vulnerability Title
Lunary Access Control Error Vulnerability
Vulnerability Description
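Lunary is an open-source production toolkit for LLMs from Lunary. Lunary versions 0.8.8 and earlier contain an access control error vulnerability. The vulnerability stems from an insecure direct object reference and may lead to unauthorized template creation.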
CVSS Information
N/A
Vulnerability Type
N/A