CNNVD-202508-2840 Information

CNNVD ID

CNNVD-202508-2840

Related CVE

CVE-2025-5352

• CNNVD Published: 2025-08-23

Description (Chinese)

Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.9.23及之前版本存在跨站脚本漏洞，该漏洞源于Analytics组件存在存储型跨站脚本，可能导致任意JavaScript执行。

Description (English)

Lunary is a LLM production toolkit from Lunary Open Source. Runary 1.9.23 and previous versions had a cross-site script loophole, which stemmed from the existence of a storage-type cross-site script for the Analytics component, which could result in the implementation of any JavaScript.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

LuxSoft

Published

2025-08-23

Last Modified

2026-02-24

References

https://huntr.com/bounties/f1d3dbce-3c3e-480e-b81e-0e8afa05c491 https://github.com/lunary-ai/lunary/commit/e2e43e88cecf742bacb639ab880507bbfdfd065c https://access.redhat.com/security/cve/cve-2025-5352 https://nvd.nist.gov/vuln/detail/CVE-2025-5352

Patch

https://github.com/lunary-ai/lunary/releases