CNNVD-202602-123 Information

CNNVD ID

CNNVD-202602-123

Related CVE

CVE-2024-4147

• CNNVD Published: 2026-02-02

Description (Chinese)

Lunary是Lunary开源的一个 LLM 的生产工具包。 Lunary 1.2.13版本存在安全漏洞，该漏洞源于访问控制粒度不足，允许用户通过ID操纵删除其他组织创建的提示，导致信息不一致。

Description (English)

Lunary is a LLM production toolkit from Lunary Open Source. There is a security loophole in version 1.2.13 of Lunary, which stems from inadequate access control particle size, allowing users to manipulate ID to remove tips created by other organizations, resulting in inconsistent information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Lunary

Published

2026-02-02

Last Modified

2026-02-24

References

https://huntr.com/bounties/3f051943-71ea-414c-a528-cd8b5d82a7ad https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f https://access.redhat.com/security/cve/cve-2024-4147

Patch

https://lunary.ai/