High Severity

lunary

Regular Expression Denial of Service in Text Processing Library

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the lunary-ai/lunary library, specifically version 1.2.10. By crafting malicious regular expressions, an attacker can cause the application to become unresponsive or crash. The source data does not explicitly state that this issue has been patched, so users should verify whether the latest version contains a fix.

Available publicly on Jun 01 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: mvlttt

Remediation Steps
  • Ensure your application is not using lunary-ai/lunary version 1.2.10.
  • Upgrade to the latest version of the library, after verifying that the issue has been addressed.
  • Implement input validation to reject suspicious or overly complex regular expressions.
  • Consider using a timeout for regular expression processing to prevent excessive resource consumption.
  • Monitor application logs for unusual patterns that may indicate an attempted exploitation of this vulnerability.
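The input-validation and resource-bounding steps above, shown as an added JavaScript example. This is not code from lunary-ai/lunary, and the length budgets, the heuristic pattern checks and the function names (validatePattern, safeTest, literalPattern) are assumptions chosen for illustration. The checks run before the regex engine is ever invoked, so a pattern with the classic catastrophic-backtracking shape, such as (a+)+$, is rejected instead of executed.

```javascript
// Added example (not lunary-ai/lunary code): pre-screen user-supplied regular
// expression patterns and bound the input they run over, so that pathological
// patterns are rejected before the regex engine can backtrack exponentially.

const MAX_PATTERN_LENGTH = 200;   // assumed budget; tune for your application
const MAX_INPUT_LENGTH = 10_000;  // assumed budget; tune for your application

// Heuristic: a quantified group whose contents are themselves quantified,
// e.g. (a+)+, (\w*)* or ([a-z]{2,})+ -- the usual shape behind ReDoS.
const NESTED_QUANTIFIER =
  /\((?:[^()\\]|\\.)*(?:[*+]|\{\d*,\d*\})(?:[^()\\]|\\.)*\)(?:[*+]|\{\d*,\d*\})/;

// Heuristic: a backreference \1..\9 that is not itself escaped. Backreferences
// make the pattern non-regular and are a frequent ingredient of slow patterns.
const BACKREFERENCE = /(?:^|[^\\])(?:\\\\)*\\[1-9]/;

// Static checks only: returns { ok: true } or { ok: false, reason } without
// ever running the pattern against input.
function validatePattern(pattern, flags = '') {
  if (typeof pattern !== 'string') return { ok: false, reason: 'pattern must be a string' };
  if (pattern.length > MAX_PATTERN_LENGTH) return { ok: false, reason: 'pattern too long' };
  if (NESTED_QUANTIFIER.test(pattern)) return { ok: false, reason: 'nested quantifier' };
  if (BACKREFERENCE.test(pattern)) return { ok: false, reason: 'backreference' };
  try {
    new RegExp(pattern, flags); // syntax check, including the flags
  } catch (e) {
    return { ok: false, reason: `invalid pattern: ${e.message}` };
  }
  return { ok: true };
}

// Runs the pattern only after it passes validation and only over bounded input.
// Returns { matched: boolean } on success or { error: string } on rejection.
function safeTest(pattern, input, flags = '') {
  const v = validatePattern(pattern, flags);
  if (!v.ok) return { error: v.reason };
  if (typeof input !== 'string') return { error: 'input must be a string' };
  if (input.length > MAX_INPUT_LENGTH) return { error: 'input too long' };
  return { matched: new RegExp(pattern, flags).test(input) };
}

// When the untrusted value is meant as literal text (a search term, not a
// pattern), escape it instead of compiling it: the result has no quantifiers
// or groups the engine could backtrack over.
function literalPattern(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Usage: constructed sample patterns and inputs.
console.log(validatePattern('(a+)+$'));                       // rejected: nested quantifier
console.log(validatePattern('^[a-z]+@[a-z]+\\.com$'));        // ok
console.log(safeTest('^[a-z]+@[a-z]+\\.com$', 'user@example.com'));
console.log(safeTest(literalPattern('(a+)+'), 'x(a+)+y'));    // literal match, safe
```

A hard time limit, as the fourth remediation step suggests, cannot be applied from inside the same thread: JavaScript regex matching is synchronous and uninterruptible, so a timeout needs the match to run in a worker thread (or a linear-time engine such as RE2) that the caller terminates when the budget expires. The static checks above are a cheap first layer that rejects the common pathological shapes before that point; they are heuristics and will not catch every slow pattern, so the length bounds and a timeout remain worthwhile.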
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A