CVE-2024-5755

{"id": "CVE-2024-5755", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-06-27T19:15:16.400", "references": [{"url": "https://huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-821"}]}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@gmail.com' and 'attacker.123@gmail.com'), leading to incorrect synchronization and potential security issues."}, {"lang": "es", "value": "En las versiones lunary-ai/lunary &lt;=v1.2.11, un atacante puede eludir la validaci\u00f3n del correo electr\u00f3nico utilizando un car\u00e1cter de punto ('.') en la direcci\u00f3n de correo electr\u00f3nico. Esto permite la creaci\u00f3n de varias cuentas con esencialmente la misma direcci\u00f3n de correo electr\u00f3nico (por ejemplo, 'attacker123@gmail.com' y 'attacker.123@gmail.com'), lo que genera una sincronizaci\u00f3n incorrecta y posibles problemas de seguridad."}], "lastModified": "2024-06-27T19:25:12.067", "sourceIdentifier": "security@huntr.dev"}