CNNVD-202508-2023 Information

CNNVD ID

CNNVD-202508-2023

CVE-2025-4962

  • CNNVD Published: 2025-08-18

Description (Chinese)

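Lunary is an LLM production toolkit open-sourced by Lunary. Lunary 0.8.8 and earlier versions contain an access control error vulnerability. The vulnerability stems from an insecure direct object reference and may lead to unauthorized template creation.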

Description (English)

Lunary is an LLM production toolkit open-sourced by Lunary. Lunary 0.8.8 and earlier versions have an access control error that stems from an insecure direct object reference and could lead to unauthorized template creation.

Hazard Level

Medium

Vulnerability Type

Access control error

Affected Vendor

Lunary

Published

2025-08-18

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/137a0aef-e243-49d4-832f-8e56056cba1a
  • https://github.com/lunary-ai/lunary/commit/e977d06f18a615963ffbe07e5bdff70218c29907
  • https://nvd.nist.gov/vuln/detail/CVE-2025-4962

Patch

https://github.com/lunary-ai/lunary/releases
