75 matches found
Devika Access Control Error Vulnerability
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve a given goal. Devika is vulnerable to an access control error. An attacker exploiting this...
CVE-2024-5926
A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. The vulnerability arises due to insufficient path...
CVE-2024-5926 Path Traversal in stitionai/devika
A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. The vulnerability arises due to insufficient path...
CVE-2024-5926
CVE-2024-5926 involves a path traversal in stitionai/devika’s get-project-files function. The root cause is insufficient path sanitization for the project-name parameter, enabling an attacker to traverse the filesystem and read arbitrary files, potentially causing a Denial of Service across all v...
PT-2024-37245 · Unknown · Stitionai/Devika
Name of the Vulnerable Software and Affected Versions: stitionai/devika, affected versions not specified. Description: A path traversal issue in the get-project-files functionality allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). The issue arises due t...
Devika Security Breach
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from the presence of path traversal...
CVE-2024-5712
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings,...
CVE-2024-5712 CSRF Vulnerability in stitionai/devika
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings,...
CVE-2024-5712
The CVE-2024-5712 entry concerns stitionai/devika (latest version) with a Cross-Site Request Forgery (CSRF) flaw. The underlying issue is absence of CSRF protections, allowing an attacker to trigger unauthorized actions in a victim’s browser context, such as deleting projects or changing settings...
Devika Cross-Site Request Forgery Vulnerability
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a cross-site request forgery vulnerability that stems from the presence...
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
CVE-2024-5820 Unprotected WebSocket in stitionai/devika
An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
CVE-2024-5820
CVE-2024-5820 describes an unprotected WebSocket in the stitionai/devika backend (commit ecee79f). This vulnerability allows a malicious website to connect to the backend, issue commands on behalf of the user, and have the backend serve all listeners on the socket, enabling interception of user-b...
CVE-2024-5548
A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'projectname' parameter in a GET request to download arbitrary files from the system. This issue...
CVE-2024-5334
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...