{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T21:26:43.479","vulnerabilities":[{"cve":{"id":"CVE-2024-8998","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:45.707","lastModified":"2025-04-04T09:15:16.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /{.*?}/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result, an attacker can cause the server to hang for an arbitrary amount of time by submitting a specially crafted payload. This issue is fixed in version 1.4.26."},{"lang":"es","value":"Existe una vulnerabilidad de denegación de servicio por expresión regular (ReDoS) en la versión git f07a845 de lunary-ai/lunary. El servidor utiliza la expresión regular /{.*?}/ para coincidir con cadenas controladas por el usuario. En el motor de expresiones regulares predeterminado de JavaScript, esta expresión regular puede tardar un tiempo polinómico en coincidir con ciertas entradas de usuario manipuladas. Como resultado, un atacante puede provocar que el servidor se bloquee durante un tiempo arbitrario enviando un payload especialmente manipulada. Este problema se solucionó en la versión 1.4.26."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.26","matchCriteriaId":"7F305269-C264-41FA-9611-4F271C6CF9EE"}]}]}],"references":[{"url":"https://github.com/lunary-ai/lunary/commit/f2bfa036caf2c48686474f4560a9c5abcf5f43b7","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/4dbd8648-1dca-4f95-b74f-978ef030e97e","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/4dbd8648-1dca-4f95-b74f-978ef030e97e","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}