CNNVD-202602-118 Information

CNNVD ID

CNNVD-202602-118

Related CVE

CVE-2024-5386

• CNNVD Published: 2026-02-02

Description (Chinese)

Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.2版本存在安全漏洞，该漏洞源于密码重置令牌泄露，可能导致账户劫持。

Description (English)

Lunary is a LLM production toolkit from Lunary Open Source. There is a security loophole in version 1.2.2 of Lunary, which stems from the leaking of the password reset token, which could lead to the hijacking of the account.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Lunary

Published

2026-02-02

Last Modified

2026-02-24

References

https://huntr.com/bounties/602eb4a1-305d-46d6-b975-5a5d8b040ad1 https://github.com/lunary-ai/lunary/commit/fc7ab3d5621c18992da5dab3a2a9a8d227d42311 https://access.redhat.com/security/cve/cve-2024-5386

Patch

https://lunary.ai/