CVE-2024-3760
CVSS 3.0 Score 7.5 of 10 (high)
Details
Published Nov 14, 2024
Updated: Nov 15, 2024
CWE ID 770
Summary
CVE-2024-3760 is a vulnerability affecting version 1.2.7 of the lunary-ai/lunary software. This issue involves a lack of rate limiting on the forgot password page, allowing attackers to flood user accounts with password reset requests. The consequence is an email bombing attack, inundating victims with a high volume of password reset emails. This not only clutters the user's mailbox but also puts excessive load on mail servers, potentially causing performance degradation and disrupting organization-wide email services.
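The missing control described above, sketched as an added example (not Lunary's code or its fix): a sliding-window limiter that caps reset emails per target address and per source IP. The class and function names, the limits and the uniform response are assumptions chosen for illustration.

```javascript
// Added example: sliding-window limiter for a forgot-password handler.
// Class, function names and limits are illustrative assumptions, not Lunary code.
class ResetLimiter {
  constructor({ perEmail = 3, perIp = 10, windowMs = 15 * 60 * 1000, now = Date.now } = {}) {
    this.limits = { perEmail, perIp };
    this.windowMs = windowMs;
    this.now = now;          // injectable clock so the window can be tested
    this.hits = new Map();   // key -> timestamps of reset mails sent
  }

  // Return timestamps for `key` still inside the window, pruning expired ones.
  live(key, t) {
    const kept = (this.hits.get(key) || []).filter((ts) => t - ts < this.windowMs);
    if (kept.length) this.hits.set(key, kept);
    else this.hits.delete(key);
    return kept;
  }

  // True if a reset mail may be sent; records the send against both keys.
  allow(email, ip) {
    const t = this.now();
    const emailKey = `email:${email.trim().toLowerCase()}`;
    const ipKey = `ip:${ip}`;
    const byEmail = this.live(emailKey, t);
    const byIp = this.live(ipKey, t);
    if (byEmail.length >= this.limits.perEmail || byIp.length >= this.limits.perIp) return false;
    this.hits.set(emailKey, [...byEmail, t]);
    this.hits.set(ipKey, [...byIp, t]);
    return true;
  }
}

// Hypothetical handler: mail goes out only when the limiter allows it, and the
// caller sees the same response either way.
function handleForgotPassword(limiter, sendMail, email, ip) {
  if (limiter.allow(email, ip)) sendMail(email);
  return { status: 200, body: "If the account exists, a reset link has been sent." };
}

// Constructed scenario: 50 requests for one address, each from a different IP.
function simulateFlood() {
  let clock = 0;
  const sent = [];
  const limiter = new ResetLimiter({ now: () => clock });
  for (let i = 0; i < 50; i++) {
    handleForgotPassword(limiter, (to) => sent.push(to), "Victim@example.com", `203.0.113.${i}`);
    clock += 1000;
  }
  return sent.length;
}
```

Keying on the normalized target address as well as the source IP is what bounds the mailbox flood when requests arrive from many addresses; a multi-instance deployment would need the counters in a shared store rather than in process memory.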