CVE-2024-11301
Published: 20 March 2025
Summary
CVE-2024-11301 is a medium-severity Improper Enforcement of a Single, Unique Action (CWE-837) vulnerability in Lunary Lunary. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 44.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Data-Related Vulnerabilities risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7039
Vulnerability details
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same…
more
slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, lunary
Related Threats
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.