In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character (.) in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., attacker123@gmail.com and attacker.123@gmail.com), leading to incorrect synchronization and potential security issues.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lunary | Lunary | * | 1.2.11 (including) |