
CVE-2024-4148: ReDoS (Regular Expression Denial of Service) in lunary-ai/lunary

CVSS: 7.5

Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit it by sending a specially crafted request whose input maliciously manipulates the application's regular expression processing, significantly increasing response time and potentially rendering the application completely non-functional. The result is a denial of service in which the application crashes.

Classification

CVE ID: CVE-2024-4148

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: lunary-ai

Product: lunary-ai/lunary

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (estimated probability of exploitation in the wild)

EPSS Percentile: 19.76% (proportion of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-28 (date this score was calculated)

References

https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31
https://github.com/lunary-ai/lunary/commit/1e8a3d941ba5cfef2c478dd5bac4e4a4b4d67830
