From dd3719c75f78a4c5e5c33e8dd53f26376c096381 Mon Sep 17 00:00:00 2001
From: Vincelwt <vincelwt@users.noreply.github.com>
Date: Fri, 15 Nov 2024 13:00:46 +0800
Subject: [PATCH] Improve GHSA-3mwc-2cj7-gx8c

---
 .../06/GHSA-3mwc-2cj7-gx8c/GHSA-3mwc-2cj7-gx8c.json | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/advisories/github-reviewed/2024/06/GHSA-3mwc-2cj7-gx8c/GHSA-3mwc-2cj7-gx8c.json b/advisories/github-reviewed/2024/06/GHSA-3mwc-2cj7-gx8c/GHSA-3mwc-2cj7-gx8c.json
index 3e2c071cb68ac..1020ec3731b44 100644
--- a/advisories/github-reviewed/2024/06/GHSA-3mwc-2cj7-gx8c/GHSA-3mwc-2cj7-gx8c.json
+++ b/advisories/github-reviewed/2024/06/GHSA-3mwc-2cj7-gx8c/GHSA-3mwc-2cj7-gx8c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3mwc-2cj7-gx8c",
-  "modified": "2024-09-11T18:23:12Z",
+  "modified": "2024-09-11T18:23:16Z",
   "published": "2024-06-10T00:30:39Z",
   "aliases": [
     "CVE-2024-5389"
@@ -9,10 +9,6 @@
   "summary": "lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management",
   "details": "In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"
@@ -22,7 +18,7 @@
     {
       "package": {
         "ecosystem": "npm",
-        "name": "lunary"
+        "name": ""
       },
       "ranges": [
         {
@@ -30,9 +26,6 @@
           "events": [
             {
               "introduced": "0"
-            },
-            {
-              "fixed": "1.4.9"
             }
           ]
         }
@@ -61,7 +54,7 @@
     "cwe_ids": [
       "CWE-1220"
     ],
-    "severity": "CRITICAL",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-06-10T18:36:36Z",
     "nvd_published_at": "2024-06-09T23:15:50Z"