CVE-2024-8789
NONE EPSS 50.7%
Published Mar 20, 2025
Last Modified Jun 17, 2026
Description
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time.
Threat Intelligence
EPSS Exploit Probability
50.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-1333
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| lunary | lunary | * | <1.4.23 |
References 2
- github.com https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa
- huntr.com https://huntr.com/bounties/e32f5f0d-bd46-4268-b6b1-619e07c6fda3
Remediation
- github.com https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa