Devika@1.0 Security Vulnerabilities and Issues — Devika@1.0 CVE List

Lucene search

StitionaiDevika1.0

7 matches found

CVE•added 2024/06/27 6:15 p.m.•130 views

CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with ...

7.5CVSS7.3AI score0.3087EPSS

CVE•added 2024/07/24 4:15 p.m.•105 views

CVE-2024-40422

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized ...

9.1CVSS6.4AI score0.88341EPSS

CVE•added 2024/07/09 12:15 a.m.•55 views

CVE-2024-5549

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleti...

8.1CVSS7.9AI score0.00062EPSS

CVE•added 2024/06/27 6:15 p.m.•37 views

CVE-2024-5547

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'project_name' parameter in the download_project_pdf function. Attackers can exploi...

7.5CVSS7.4AI score0.00447EPSS

CVE•added 2024/06/27 7:15 p.m.•37 views

CVE-2024-5820

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all co...

8.8CVSS7.7AI score0.00353EPSS

CVE•added 2024/06/28 8:15 p.m.•36 views

CVE-2024-5712

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, w...

8.1CVSS8.1AI score0.00054EPSS

CVE•added 2024/06/27 6:15 p.m.•33 views

CVE-2024-5548

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affec...

7.5CVSS7.5AI score0.00358EPSS