Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-5334
HistoryJun 27, 2024 - 6:15 p.m.

CVE-2024-5334

2024-06-2718:15:20
CWE-73
[email protected]
web.nvd.nist.gov
2
github
repository
security
vulnerability
stitionai
devika

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.1%

JSON

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the ‘snapshot_path’ parameter in the ‘/api/get-browser-snapshot’ endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious ‘snapshot_path’ parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

Related

cvelist 1
vulnrichment 1
cve 1
osv 1
openvas 1
cvelist
cvelist
CVE-2024-5334 Local File Read in stitionai/devika
2024-06-27 17:33:24
vulnrichment
vulnrichment
CVE-2024-5334 Local File Read in stitionai/devika
2024-06-27 17:33:24
cve
cve
CVE-2024-5334
2024-06-27 18:15:20
osv
osv
CVE-2024-5334
2024-06-27 18:15:20
openvas
openvas
Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check
2017-09-26 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.1%

JSON
Related for NVD:CVE-2024-5334
cvelist1vulnrichment1cve1osv1openvas1