Vulnerability CVE-2024-40422


Published: 2024-07-24

Description:
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

In our database, we found the following notes for this CVE:
Title
Author
Date
Med.
Devika v1 Path Traversal via snapshot_path
Alperen Ergel
04.08.2024

Type:

CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

References:
https://github.com/stitionai/devika
https://github.com/stitionai/devika/pull/619
https://github.com/alpernae/CVE-2024-40422

Copyright 2024, cxsecurity.com

 
