4 matches found
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
CVE-2024-5820 Unprotected WebSocket in stitionai/devika
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
CVE-2024-5820
CVE-2024-5820 describes an unprotected WebSocket in the stitionai/devika backend (commit ecee79f). This vulnerability allows a malicious website to connect to the backend, issue commands on behalf of the user, and have the backend serve all listeners on the socket, enabling interception of user-b...
CVE-2024-5820 Unprotected WebSocket in stitionai/devika
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...