CVE-2024-3760

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Nov 14, 2024
Updated: Nov 15, 2024
CWE ID 770

Summary

CVE-2024-3760 is a vulnerability affecting version 1.2.7 of the lunary-ai/lunary software. This issue involves a lack of rate limiting on the forgot password page, allowing attackers to flood user accounts with password reset requests. The consequence is an email bombing attack, inundating victims with a high volume of password reset emails. This not only clutters the user's mailbox but also puts excessive load on mail servers, potentially causing performance degradation and disrupting organization-wide email services.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share