cvedb.io
CVE-2024-8999
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:45.830 · Last modified 2026-06-17T08:23:45.750

Summary

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26.

Affected products

lunary — lunary

Does this affect you?

Add your gear to cvedb and we'll alert you only when lunary ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.