"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2024-06-01 16:00:31 +00:00 · 2024-06-01 16:00:31 +00:00 · 2531777a27
commit 2531777a27
parent df84acc5c3
1 changed files with 73 additions and 4 deletions
--- a/2024/4xxx/CVE-2024-4148.json
+++ b/2024/4xxx/CVE-2024-4148.json
@ -1,17 +1,86 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-4148",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@huntr.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-400 Uncontrolled Resource Consumption",
+                        "cweId": "CWE-400"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "lunary-ai",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "lunary-ai/lunary",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "unspecified",
+                                            "version_value": "latest"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31",
+                "refsource": "MISC",
+                "name": "https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "eca4ad45-2a38-4f3c-9ec1-8205cd51be31",
+        "discovery": "EXTERNAL"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.0",
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "HIGH",
+                "confidentialityImpact": "NONE",
+                "integrityImpact": "NONE",
+                "privilegesRequired": "NONE",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+                "baseScore": 7.5,
+                "baseSeverity": "HIGH"
            }
        ]
    }