What is CVE-2024-5755?

CVE-2024-5755 is a medium-severity vulnerability in Lunary-ai Lunary-ai/lunary, classified under CWE-821. CVSS score: 5.3/10. Published 2024-06-27.

How severe is CVE-2024-5755?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-5755 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Lunary-ai Lunary-ai/lunary

CVE-2024-5755

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@…

EPSS: 0.000 (14.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Lunary-ai Lunary-ai/lunary — versions unspecified

Weakness classification (CWE)

CWE-821

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f

Frequently asked questions

What is CVE-2024-5755?: CVE-2024-5755 is a medium-severity vulnerability in Lunary-ai Lunary-ai/lunary, classified under CWE-821. CVSS score: 5.3/10. Published 2024-06-27.
How severe is CVE-2024-5755?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-5755 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.