Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-7472
Modified
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-29 Oct, 2024 | 13:15
Updated At-15 Oct, 2025 | 13:15

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application's brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Secondary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Lunary LLC
lunary
>>lunary>>1.2.26
cpe:2.3:a:lunary:lunary:1.2.26:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-93Primarysecurity@huntr.dev
CWE-74Secondarynvd@nist.gov
CWE ID: CWE-93
Type: Primary
Source: security@huntr.dev
CWE ID: CWE-74
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cdsecurity@huntr.dev
Patch
https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948security@huntr.dev
Exploit
Third Party Advisory
Hyperlink: https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory
Change History
0Changes found
Details not found