2 matches found
VulnCheck KEV: CVE-2024-5334
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...
PT-2024-28842 · Unknown · Stitionai/Devika
Name of the Vulnerable Software and Affected Versions: stitutionai devika version v1 Description: The issue concerns a path traversal attack through the snapshot path parameter in the "/api/get-browser-snapshot" endpoint. This allows an attacker to manipulate the snapshot path parameter, traverse...