PT-2024-29418 · Lunary · Lunary

Published: 2024-06-01 · Updated: 2025-01-30 · CVE-2024-4148

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.10

Description: A Regular Expression Denial of Service (ReDoS) issue exists, allowing an attacker to significantly impact the application's response time and potentially render it non-functional by manipulating regular expressions. This can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.

Recommendations: For version 1.2.10, consider restricting the use of regular expressions in the application until a patch is available. As a temporary workaround, review and limit the input that can be used to trigger the ReDoS vulnerability.

Exploit

Fix

Resource Exhaustion

DoS

Weakness Enumeration

Related Identifiers: CVE-2024-4148

Affected Products: Lunary