Unknown
Multiple Products
2025-12-03
Description
Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.
AI Analyst Comment
Remediation
Update Masa CMS to a patched release (7.2.8, 7.3.13, or 7.4.6, or a later version). Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Lunary
PRODUCT: Lunary (AI Observability Platform)
AFFECTED_VERSIONS: Version 1
---END_METADATA---
Description Summary:
A vulnerability was identified in lunary-ai/lunary version 1. The flaw could allow for unauthorized actions or data access depending on the specific implementation of the platform.
Executive Summary:
A High-severity vulnerability in Lunary version 1 poses a risk to the security of AI observability data and system integrity.
Vulnerability Details
CVE-ID: CVE-2024-4147
Affected Software: Lunary (lunary-ai/lunary)
Affected Versions: Version 1
Vulnerability: While the specific technical mechanism is not fully detailed in the summary, a CVSS score of 7.5 suggests a significant flaw, likely involving improper access control or insecure handling of user-supplied data within the AI observability platform.
Business Impact
Successful exploitation could lead to the exposure of sensitive AI training data, prompt logs, or unauthorized configuration changes. The CVSS score of 7.5 indicates a High-severity impact, potentially resulting in a breach of confidentiality and loss of trust in the AI governance framework.
Remediation Plan
Immediate Action: Update the Lunary platform to the latest stable version (version 2 or higher) where this vulnerability has been addressed.
Proactive Monitoring: Review access logs for the Lunary dashboard and API endpoints for any anomalous patterns or unauthorized data export attempts.
Compensating Controls: Implement strong Identity and Access Management (IAM) policies and ensure the Lunary instance is protected by a Web Application Firewall (WAF).
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 3, 2026, there is no public information indicating active exploitation of this vulnerability. Given the increasing adoption of AI observability tools, this platform remains an attractive target for attackers.
Analyst Recommendation
The severity of this vulnerability necessitates immediate attention to ensure the security of AI development pipelines. It is recommended to migrate from the vulnerable version 1 to a supported, patched version of Lunary immediately to mitigate the risk of data compromise.