CVE-2024-40422
The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...
PT-2024-28842 · Unknown · Stitionai/Devika
Name of the Vulnerable Software and Affected Versions: stitionai devika version v1. Description: The issue concerns a path traversal attack through the snapshotpath parameter in the "/api/get-browser-snapshot" endpoint. This allows an attacker to manipulate the snapshotpath parameter, traverse...
Devika Path Traversal Vulnerability
Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. A security vulnerability exists in Devika v1. The vulnerability stems from...
CVE-2024-6433
The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshotpath parameter...
CVE-2024-5549 Data leak through CORS misconfiguration in stitionai/devika
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as...
CVE-2024-5711 Stored XSS in stitionai/devika
A stored Cross-Site Scripting XSS vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This vulnerability is due to the lack of input validation and sanitization on both the frontend and backend components of the...
PT-2024-37088 · Unknown · Stitionai/Devika
Name of the Vulnerable Software and Affected Versions: stitionai/devika, affected versions not specified. Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This issue is du...
CVE-2024-5887
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-5821
The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file,...
CVE-2024-5887
CVE-2024-5887 entry is rejected/not used and does not represent an active vulnerability.
CVE-2024-5821 Local File Inclusion (LFI) in stitionai/devika
The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file,...
CVE-2024-5821
CVE-2024-5821 describes a Local File Inclusion (LFI) in Stitionai/Devika (Devika AI software) where an attacker can access sensitive server files by exploiting a command-correction behavior when a user requests a misspelled filename. The underlying issue is that the agent’s correction attempt rev...
The vulnerability of the AI-based development tool Devika, related to the manipulation of cross-site requests, allows a hacker to execute a CSRF attack.
The vulnerability of the AI-based development tool Devika relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...
Number withdrawn
Stition's Devika is an AI software engineer that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve given goals. This CVE number has been withdrawn...