Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ

lunary-ai/lunary XSS in SAML metadata endpoint

A reflected Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The endpoint builds an XML SAML metadata document and embeds the user-supplied orgId path parameter directly into that XML without escaping or validating it. An attacker can therefore craft a URL whose orgId segment breaks out of the XML structure and injects arbitrary markup, including JavaScript, into the response; a victim who opens that link may have cookies or authentication tokens stolen. The CVSS vector (PR:N, UI:R, S:C) matches this: no authentication is required, but the victim must visit the crafted URL.
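The following is an added illustration of the pattern the advisory describes and of a hardened equivalent. It is not lunary's code: the metadata layout, the function names, the base URL and the assumption that org ids are UUIDs are all assumptions made for the example.

```javascript
// Added example (not lunary's code): unescaped interpolation of a path
// parameter into SAML metadata XML, beside a hardened builder. Metadata
// layout, function names, base URL and the UUID id format are assumptions.

const XML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;',
};

// Escape the five XML metacharacters so a value can sit safely inside an
// attribute value or a text node.
function escapeXml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => XML_ESCAPES[ch]);
}

// Vulnerable pattern (assumed shape): the path parameter is interpolated
// straight into the document, so whatever the client puts in the URL
// segment lands verbatim in the markup.
function buildSamlMetadataVulnerable(orgId, baseUrl) {
  return `<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="${baseUrl}/auth/saml/${orgId}/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="${baseUrl}/auth/saml/${orgId}/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>`;
}

// Hardened renderer: every interpolated value is XML-escaped, so a hostile
// id cannot close the attribute it is placed in or open a new element.
function renderSamlMetadata(orgId, baseUrl) {
  const id = escapeXml(orgId);
  const base = escapeXml(baseUrl);
  return `<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="${base}/auth/saml/${id}/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="${base}/auth/saml/${id}/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>`;
}

// Allow-list check in front of the renderer. Assumed here: org ids are UUIDs.
const ORG_ID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function isValidOrgId(orgId) {
  return typeof orgId === 'string' && ORG_ID_RE.test(orgId);
}

function buildSamlMetadataSafe(orgId, baseUrl) {
  if (!isValidOrgId(orgId)) {
    // A real handler would answer 400/404 here rather than throw.
    throw new Error('invalid org id');
  }
  return renderSamlMetadata(orgId, baseUrl);
}

// Constructed payload of the kind the description implies: it closes the
// entityID attribute and then injects markup. Whether a browser executes the
// script depends on how the response is served; the advisory reports that it
// does for the affected versions.
const PAYLOAD = '"><script>alert(1)</script><x a="';
const BASE = 'https://lunary.example'; // assumed deployment URL
const GOOD_ID = '123e4567-e89b-12d3-a456-426614174000'; // constructed id

function demo() {
  const vulnerable = buildSamlMetadataVulnerable(PAYLOAD, BASE);
  let rejected = false;
  try {
    buildSamlMetadataSafe(PAYLOAD, BASE);
  } catch (e) {
    rejected = true;
  }
  return {
    // raw payload reaches the document unchanged
    injected: vulnerable.includes('<script>alert(1)</script>'),
    // escaping alone already neutralises it
    escapedOnly: !renderSamlMetadata(PAYLOAD, BASE).includes('<script'),
    // the allow-list rejects it before rendering
    rejected,
    // a well-formed id is still served
    validStillServed: buildSamlMetadataSafe(GOOD_ID, BASE).includes(GOOD_ID),
  };
}

console.log(demo());
```

Escaping is the fix for the XML injection itself; the allow-list in front of it is defence in depth, since the same id is typically also used in lookups and in the ACS URL handed to the identity provider, where a malformed value is equally unwelcome.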

Permalink: https://github.com/advisories/GHSA-rpx8-fg6w-rm6x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 5 months ago
Updated: 4 months ago


CVSS Score: 7.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Identifiers: GHSA-rpx8-fg6w-rm6x, CVE-2024-5478
References: Repository: https://github.com/lunary-ai/lunary
Blast Radius: 1.0

Affected Packages

npm:lunary
Dependent packages: 0
Dependent repositories: 0
Downloads: 23,783 last month
Affected Version Ranges: <= 1.2.7
No known fixed version
All affected versions: 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.15, 0.6.16, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13