Privilege Escalation Vulnerability in Dataset Deletion
A Privilege Escalation Vulnerability in lunary-ai/lunary version 1.2.2 allows any user to delete any dataset. This issue was patched in version 1.2.8.
Available publicly on May 20 2024 | Available with Premium on May 19 2024
Remediation Steps
- Upgrade to lunary-ai/lunary version 1.2.8 or later.
- Implement authorization checks on all sensitive endpoints to ensure that only users with the correct permissions can perform actions.
- Regularly audit your codebase for similar vulnerabilities.
- Consider implementing rate limiting and logging to detect and mitigate abuse patterns.
Patch Details
- Fixed Version: 1.2.8
- Patch Commit: https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have 624 related security advisories that are available with Sightline Premium.