700 matches found
CVE-2024-6331
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gemini 1.0 Pro with HarmBlockThreshold.BLOCK_NONE for HarmCategory.HARM_CATEGORY_HATE_SPEECH and HarmCategory.HARM_CATEGORY_HARASSMENT i...
CVE-2024-6331 Injection by Prompt Injection in stitionai/devika
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gemini 1.0 Pro with HarmBlockThreshold.BLOCK_NONE for HarmCategory.HARM_CATEGORY_HATE_SPEECH and HarmCategory.HARM_CATEGORY_HARASSMENT i...
CVE-2024-6331
CVE-2024-6331 affects stitionai/devika: Local File Read via Prompt Injection on the main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f. The issue stems from prompt-injection allowing execution of commands that can read sensitive files (e.g., /etc/passwd) due to HarmBlockThreshold.B...
PT-2024-37546 · Stitionai +1 · Devika +1
Name of the Vulnerable Software and Affected Versions: stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f; stitionai/devika up to version 1.0. Description: The issue concerns a Local File Read (LFI) vulnerability by Prompt Injection. It is caused by the integration of...
KLA70416 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, obtain sensitive information, spoof user interface, read local files. Below is a complete...
CVE-2024-5334 Local File Read in stitionai/devika
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...
PT-2024-35727 · Devika · Devika
Name of the Vulnerable Software and Affected Versions: stitionai/devika version latest. Description: A local file read issue exists due to improper handling of the snapshot path parameter in the "/api/get-browser-snapshot" endpoint. An attacker can exploit this by crafting a request with a...
CVE-2024-22333
CVE-2024-22333 affects IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10–8.11. The vulnerability enables storing web pages locally on the system, which can be read by another user (information disclosure). The IBM advisories and Red Hat/RH-enriched sources confirm the affe...
CVE-2022-43841
CVE-2022-43841 affects IBM Aspera Console versions 3.4.0–3.4.2 PL9. The issue allows stored web pages to be read by another user on the same system (information disclosure), caused by local access to cached/stored content. IBM’s bulletin summarizes the vulnerability and lists the affected product...
MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively...
GHSA-RFQQ-WQ6W-72JM MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively...
CVE-2024-1561 Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache method of the Block class, an attacker can copy any fi...
CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
PT-2024-18132
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio, affected versions not specified. Description: An issue was discovered in gradio-app/gradio, where the "/component_server" endpoint improperly allows the invocation of any method on a Component class with attacker-controlled...
CVE-2023-46181
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269686...
CVE-2023-46181
CVE-2023-46181 affects IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. The issue allows web pages to be stored locally and read by another user on the same system (information disclosure). Remediation: upgrade to IBM Sterling Secure Proxy iFix 11 (for 6.0.3) or iFix 03 (for 6.1.0) per IBM. Ot...
CVE-2024-2045
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...