Medium

lunary

Unauthorized Email Injection Vulnerability

A critical vulnerability in the email verification and sign-up APIs of version v1.2.26 allows unauthenticated attackers to inject data into outgoing emails. This issue was patched in version 1.4.10.

Available publicly on Oct 08 2024

Remediation Steps
  • Update to version 1.4.10 or later.
  • Ensure that all user inputs are properly sanitized and validated.
  • Implement stricter input validation to prevent the use of alternative whitespace characters for injection.
  • Regularly review and test the codebase for similar vulnerabilities.
  • Educate developers on secure coding practices to prevent such issues in the future.
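
The stricter validation described in the remediation steps, sketched as an added example in JavaScript; it is not code from Lunary or from the patch commit. The function names, the field name and the 64-character limit are assumptions made for illustration.

```javascript
// Added example (not Lunary's code). Names and the length limit are assumptions.

// Separator (Zs, Zl, Zp), control (Cc) and format (Cf) characters. This covers
// CR/LF and tab as well as look-alike spaces such as U+00A0, U+2003, U+3000
// and the zero-width U+200B. The plain ASCII space is exempted below.
const DISALLOWED = /[\p{Zs}\p{Zl}\p{Zp}\p{Cc}\p{Cf}]/u;

// Return the code points of every disallowed character, for logging.
function findDisallowed(value) {
  const hits = [];
  for (const ch of value) {
    if (ch !== " " && DISALLOWED.test(ch)) {
      const hex = ch.codePointAt(0).toString(16).toUpperCase();
      hits.push("U+" + hex.padStart(4, "0"));
    }
  }
  return hits;
}

// Validate one user-supplied field before it reaches an email template.
function validateEmailField(field, value, maxLength = 64) {
  if (typeof value !== "string") {
    return { ok: false, reason: `${field}: expected a string` };
  }
  // Check the raw input first: NFKC would silently turn U+00A0 into a space
  // and hide the attempt from the logs.
  const hits = findDisallowed(value);
  if (hits.length > 0) {
    return { ok: false, reason: `${field}: disallowed characters`, hits };
  }
  const normalized = value.normalize("NFKC").trim();
  if (normalized.length === 0 || normalized.length > maxLength) {
    return { ok: false, reason: `${field}: length out of range` };
  }
  return { ok: true, value: normalized };
}

// Output encoding for HTML email bodies, applied even to validated values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}
```

Rejecting on the raw value rather than normalizing first keeps the offending code points available for logging and alerting.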

Patch Details
  • Fixed Version: 1.4.10
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd