Lucene search
K

5 matches found

nvd
nvd
added 2024/06/27 6:15 p.m.27 views

CVE-2024-5548

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'projectname' parameter in a GET request to download arbitrary files from the system. This issue...

7.5CVSS0.01021EPSS
Exploits1References2
osv
osv
added 2024/06/27 6:15 p.m.9 views

CVE-2024-5548

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'projectname' parameter in a GET request to download arbitrary files from the system. This issue...

7.5CVSS7.5AI score
Exploits0References2
vulnrichment
vulnrichment
added 2024/06/27 5:33 p.m.12 views

CVE-2024-5548 Directory Traversal in stitionai/devika

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'projectname' parameter in a GET request to download arbitrary files from the system. This issue...

7.5CVSS7.5AI score0.01021EPSS
Exploits1References2
cvelist
cvelist
added 2024/06/27 5:33 p.m.29 views

CVE-2024-5548 Directory Traversal in stitionai/devika

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'projectname' parameter in a GET request to download arbitrary files from the system. This issue...

7.5CVSS0.01021EPSS
Exploits1References2
cve
cve
added 2024/06/27 5:33 p.m.43 views

CVE-2024-5548

Summary (CVE-2024-5548): A directory traversal vulnerability exists in the stitionai/devika repository, affecting the /api/download-project endpoint. The flaw stems from insufficient input validation in the download_project function, when handling the project_name parameter, enabling an attacker ...

7.5CVSS7.5AI score0.01021EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder