Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ
lunary-ai/lunary XSS in SAML metadata endpoint
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises because the application neither escapes nor validates the user-supplied orgId parameter before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, and the orgId parameter is embedded directly into the XML structure without sanitization or validation. This flaw allows an attacker to inject arbitrary JavaScript into the generated SAML metadata page, which can lead to theft of user cookies or authentication tokens.
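The unescaped interpolation pattern the advisory describes, shown beside a hardened version that validates orgId before use and escapes it at the point of interpolation. This is an added illustration, not lunary's own code; the function names, the UUID format assumed for orgId and the minimal metadata shape are assumptions.

```typescript
// Added example (not lunary's code): vulnerable vs. hardened SAML metadata
// generation. The metadata element below is deliberately minimal.

// Assumption: org ids are UUIDs. Anything else is rejected before it
// reaches the XML, so metacharacters never get a chance to be interpolated.
const ORG_ID_PATTERN =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function isValidOrgId(orgId: string): boolean {
  return ORG_ID_PATTERN.test(orgId);
}

// Escape the five XML special characters so attacker-controlled text
// cannot break out of an attribute value or element content.
const XML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;",
};

function escapeXml(value: string): string {
  return value.replace(/[&<>"']/g, (c) => XML_ESCAPES[c]);
}

// The pattern the advisory describes: orgId is interpolated straight into
// the XML response with no validation or escaping.
function buildMetadataVulnerable(baseUrl: string, orgId: string): string {
  return `<EntityDescriptor entityID="${baseUrl}/auth/saml/${orgId}/metadata"/>`;
}

// Hardened: reject malformed ids up front (defence in depth), then escape
// every interpolated value even though a valid UUID contains nothing special.
function buildMetadataSafe(baseUrl: string, orgId: string): string {
  if (!isValidOrgId(orgId)) {
    throw new Error("invalid orgId");
  }
  const entityId = `${escapeXml(baseUrl)}/auth/saml/${escapeXml(orgId)}/metadata`;
  return `<EntityDescriptor entityID="${entityId}"/>`;
}

// Constructed sample inputs: a well-formed id and a value carrying XML
// metacharacters that would break out of the entityID attribute.
const SAMPLE_ORG_ID = "123e4567-e89b-12d3-a456-426614174000";
const SAMPLE_BAD_ORG_ID = 'abc"><b>x</b>';
```

Serving the metadata with an XML content type rather than text/html is a separate, complementary control; validation and escaping are what keep the response structure under the server's control.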
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 4 months ago
CVSS Score: 7.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Identifiers: GHSA-rpx8-fg6w-rm6x, CVE-2024-5478
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5478
- https://huntr.com/bounties/e899f496-d493-4c06-b596-cb0a88ad451b
- https://github.com/lunary-ai/lunary/blob/main/packages/backend/src/api/v1/auth/saml.ts#L34
- https://github.com/advisories/GHSA-rpx8-fg6w-rm6x
Blast Radius: 1.0
Affected Packages
npm:lunary
Dependent packages: 0
Dependent repositories: 0
Downloads: 23,377 last month
Affected Version Ranges: <= 1.2.7
No known fixed version
All affected versions: 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.15, 0.6.16, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15