In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '
[email protected]' and '
[email protected]'), leading to incorrect synchronization and potential security issues.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt