In lunary-ai/lunary versions <=v1.2.11, an attacker can...
Moderate severity
Unreviewed
Published
Jun 27, 2024
to the GitHub Advisory Database
•
Updated Jun 27, 2024
Description
Published by the National Vulnerability Database
Jun 27, 2024
Published to the GitHub Advisory Database
Jun 27, 2024
Last updated
Jun 27, 2024
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to incorrect synchronization and potential security issues.
References