PT-2025-12242 · Unknown · Lunary-Ai/Lunary

Published: 2025-03-20 · Updated: 2025-07-02 · CVE-2024-8763

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lunary-ai/lunary version git be54057

Description

A Regular Expression Denial of Service (ReDoS) issue exists in the compileTextTemplate function. The regular expression /{{(.*?)}}/g has second-degree polynomial (quadratic) time complexity, which can be triggered by a large number of braces in the input. An attacker can exploit this by submitting such input, causing the server to hang indefinitely and become unresponsive to requests.

Recommendations

For version git be54057, consider disabling the compileTextTemplate function until a patch is available. Restrict input so that a large number of braces cannot reach the vulnerable regular expression /{{(.*?)}}/g.
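One way to apply the input restriction above is a length cap combined with a single-pass scanner in place of the regular expression. This is an added example, not Lunary's code: renderPlaceholders, MAX_TEMPLATE_LENGTH and the substitution behaviour (filling {{name}} from a variables object, placeholders allowed to span lines) are assumptions.

```javascript
// Added example: hypothetical names and behaviour, not Lunary's code.
const MAX_TEMPLATE_LENGTH = 100_000; // assumed cap; size it to the largest legitimate template

// Replace {{name}} placeholders in one left-to-right pass.
// Unlike /{{(.*?)}}/g, a failed search for "}}" is never repeated from
// a later "{{", so the work stays linear in the input length.
function renderPlaceholders(template, variables) {
  if (typeof template !== "string") throw new TypeError("template must be a string");
  if (template.length > MAX_TEMPLATE_LENGTH) {
    throw new RangeError("template exceeds MAX_TEMPLATE_LENGTH");
  }
  let out = "";
  let pos = 0;
  while (pos < template.length) {
    const open = template.indexOf("{{", pos);
    if (open === -1) break;
    const close = template.indexOf("}}", open + 2);
    // No "}}" after this point means none after any later "{{" either: stop.
    if (close === -1) break;
    const name = template.slice(open + 2, close).trim();
    out += template.slice(pos, open);
    out += Object.prototype.hasOwnProperty.call(variables, name)
      ? String(variables[name])
      : template.slice(open, close + 2); // unknown placeholder: leave as written
    pos = close + 2;
  }
  return out + template.slice(pos);
}

// Constructed inputs: an ordinary template and a brace-heavy string with no "}}".
const greeting = renderPlaceholders("Hello {{ name }}, id={{id}}", { name: "Ada", id: 7 });
const braces = "{{".repeat(40_000);
const started = Date.now();
const unchanged = renderPlaceholders(braces, {});
const elapsedMs = Date.now() - started;
console.log(greeting, unchanged === braces, `${elapsedMs} ms`);
```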

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-8763

Affected Products

Lunary-Ai/Lunary