Vulnerability CVE-2024-40422

Published: 2024-07-24

Description:
The snapshot_path parameter of the /api/get-browser-snapshot endpoint in stitionai devika v1 is vulnerable to path traversal. The value supplied by the client is used to locate the file that is served back without being confined to the snapshot directory, so an attacker can supply "../" sequences (or an absolute path) to read arbitrary files that the server process has access to. A successful request returns the contents of files outside the intended snapshot directory, compromising the confidentiality of configuration, credentials and other sensitive data on the host.
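The unsafe pattern behind a bug of this class, beside a hardened resolver, as an added illustration. This is not Devika's own code: the directory layout, the function names and the throwaway files built by demo() are all constructed for the example. The key points it shows are that os.path.join discards the base directory when the second argument is absolute, that "..'' components are only neutralised after the path is canonicalised, and that the containment check has to run on the resolved path.

```python
import os
import tempfile
from pathlib import Path


class PathTraversal(ValueError):
    """Raised when a client-supplied path would escape the snapshot directory."""


def vulnerable_resolve(snapshot_path: str, base_dir: Path) -> Path:
    """Unsafe pattern (illustrative, not Devika's code): trust the parameter.

    os.path.join drops base_dir entirely when snapshot_path is absolute, and
    does nothing about '..' components, so both '../secret.txt' and
    '/etc/passwd' end up pointing outside base_dir.
    """
    return Path(os.path.join(base_dir, snapshot_path))


def safe_resolve(snapshot_path: str, base_dir: Path) -> Path:
    """Hardened version: canonicalise first, then check containment.

    Rejects empty and absolute inputs, resolves symlinks and '..', and only
    then verifies the result still lies under base_dir. A string-prefix check
    on the *unresolved* path is not enough: '/srv/snap' is a prefix of
    '/srv/snap2', and a symlink inside base_dir can point anywhere.
    """
    if not snapshot_path or os.path.isabs(snapshot_path):
        raise PathTraversal(f"absolute or empty path rejected: {snapshot_path!r}")
    base = base_dir.resolve()
    candidate = (base / snapshot_path).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise PathTraversal(f"path escapes snapshot directory: {snapshot_path!r}")
    if not candidate.is_file():
        raise FileNotFoundError(snapshot_path)
    return candidate


def demo() -> dict:
    """Build a throwaway layout (constructed test data) and compare both resolvers."""
    root = Path(tempfile.mkdtemp()).resolve()   # hypothetical install root
    snapshots = root / "snapshots"              # hypothetical snapshot directory
    snapshots.mkdir()
    (snapshots / "page1.png").write_bytes(b"\x89PNG fake")
    (root / "secret.txt").write_text("outside the snapshot dir")

    out = {}
    # A legitimate, relative snapshot name is served normally.
    out["legit"] = safe_resolve("page1.png", snapshots).name
    # The vulnerable resolver follows '..' straight to the file outside base_dir.
    out["vuln_traversal"] = vulnerable_resolve("../secret.txt", snapshots).resolve().read_text()
    # ...and an absolute path makes os.path.join discard base_dir completely.
    out["vuln_absolute"] = str(vulnerable_resolve("/etc/passwd", snapshots))
    # The hardened resolver rejects every escape attempt.
    for attack in ("../secret.txt", "/etc/passwd", "sub/../../secret.txt"):
        try:
            safe_resolve(attack, snapshots)
            out[attack] = "allowed"
        except PathTraversal:
            out[attack] = "blocked"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a Flask handler the same check goes between reading request.args and calling send_file; alternatively flask's send_from_directory performs an equivalent containment check, which is the simpler fix when the framework is in use.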

See advisories in our WLB2 database:
Topic: Devika v1 Path Traversal via snapshot_path
Author: Alperen Ergel
Date: 04.08.2024
Risk: Med.

Type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

References:
https://github.com/stitionai/devika
https://github.com/stitionai/devika/pull/619
https://github.com/alpernae/CVE-2024-40422

Copyright 2024, cxsecurity.com
