How severe is CVE-2024-11301?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-11301?

This is classified as CWE-837, which is a common weakness in software security.

CVE-2024-11301

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-837

View all →

Vulnerability Description

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.

CVE-2024-4629

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, att...

CWE-8372024

CVE-2023-6759

HIGH

CVSS:7.5(High)

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads t...

CWE-8372023

CVE-2023-6438

MEDIUM

CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation lead...

CWE-8372023