CNNVD-202511-2812 Information

CNNVD ID

CNNVD-202511-2812

CVE-2025-9803

  • CNNVD Published: 2025-11-25

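Description (translated from Chinese)

Lunary is an LLM production toolkit open-sourced by Lunary. Lunary version 1.9.34 contains a security vulnerability that stems from the aud field not being validated in the Google OAuth integration, which may lead to account takeover.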

Description (English)

Lunary is an LLM production toolkit open-sourced by Lunary. Lunary version 1.9.34 contains a security vulnerability that stems from the Google OAuth integration not validating the aud field, which may lead to account takeover.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Lunary

Published

2025-11-25

Last Modified

2026-02-24

References

  • https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6
  • https://github.com/lunary-ai/lunary/commit/95a2cc8e012bf5f089edbfa072ba66dcb7e10d91
  • https://access.redhat.com/security/cve/cve-2025-9803
