CVE-2024-10762

Name of the Vulnerable Software and Affected Versions lunary-ai/lunary versions prior to 1.5.9

Description The issue concerns a lack of proper access control in the /v1/evaluators/ endpoint, allowing low-privilege users to delete evaluator data by sending a DELETE request. This can cause permanent data loss and potentially hinder operations.

Recommendations For versions prior to 1.5.9, update to version 1.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the /v1/evaluators/ endpoint to prevent unauthorized deletion of evaluator data.