generated content from 2024-11-01

mapping.csv

@@ -254181,3 +254181,4 @@ vulnerability,CVE-2024-10653,vulnerability--1720514a-a7ed-484a-9909-863e4fc1dee8
 vulnerability,CVE-2024-10651,vulnerability--56c94bea-c0aa-4aeb-b075-8babbb2667bc
 vulnerability,CVE-2024-10654,vulnerability--3d07ab38-424b-4a50-a8b6-809ef188f2bf
 vulnerability,CVE-2024-10367,vulnerability--284f1383-dd1f-4c33-9fce-a53289776a7d
+vulnerability,CVE-2024-7456,vulnerability--eb6fe164-7842-4c83-b402-184cb44f2ce1

objects/vulnerability/vulnerability--eb6fe164-7842-4c83-b402-184cb44f2ce1.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--1154cc56-211c-4778-8ba3-13329b49e5ec",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--eb6fe164-7842-4c83-b402-184cb44f2ce1",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2024-11-01T13:25:57.522753Z",
+            "modified": "2024-11-01T13:25:57.522753Z",
+            "name": "CVE-2024-7456",
+            "description": "A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2024-7456"
+                }
+            ]
+        }
+    ]
+}