CNNVD-202507-664 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-664
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.9.24之前版本存在跨站脚本漏洞,该漏洞源于v1/runs/ingest端点输入未清理,可能导致存储型跨站脚本攻击。
Description (English)
Lunary is a LLM production toolkit from Lunary Open Source. The pre-Lunary 1.9.24 version had a cross-site script loophole, which originated from the uncleaned v1/runs/ingest endpoint, which could result in a storage-type cross-site script attack.
Hazard Level
Low
Vulnerability Type
跨站脚本
Affected Vendor
Lunary
Published
2025-07-07
Last Modified
2026-02-24
References
https://huntr.com/bounties/c603b64e-5171-4eed-8983-a7f656ce2c4d https://github.com/lunary-ai/lunary/commit/18750294a76ff6c0f3f1b6af4ac1a23399836b16 https://access.redhat.com/security/cve/cve-2025-4779
Patch
https://github.com/lunary-ai/lunary/releases
Share on: