{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T06:43:48.831","vulnerabilities":[{"cve":{"id":"CVE-2024-7476","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:36.467","lastModified":"2025-10-15T13:15:52.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3."},{"lang":"es","value":"Existe una vulnerabilidad de control de acceso erróneo en las versiones 1.2.7 a 1.4.2 de lunary-ai/lunary. Esta vulnerabilidad permite a un atacante autenticado modificar las plantillas de cualquier usuario mediante el envío de una solicitud HTTP POST manipulada al endpoint /v1/templates/{id}/versions. Este problema se ha resuelto en la versión 1.4.3."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.7","versionEndExcluding":"1.4.3","matchCriteriaId":"5569D1A0-9A4F-4D0F-A4B5-3EC98B94593A"}]}]}],"references":[{"url":"https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/183761f7-d411-4332-af86-2ccfbcc5bd9f","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}