Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-a3dw-2zjb-qyf5
SummaryIn version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.
Aliases
0
alias CVE-2024-7474
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7474
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48749
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7474
1
reference_url https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5
reference_id 8f563c77d8614a72980113f530c7a9ec15a5f8d5
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T13:39:42Z/
url https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5
2
reference_url https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871
reference_id 95d8b993-3347-4ef5-a2b3-1f57219b7871
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T13:39:42Z/
url https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871
Weaknesses
0
cwe_id 639
name Authorization Bypass Through User-Controlled Key
description The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Exploits
Severity_range_score9.1 - 9.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-a3dw-2zjb-qyf5