CVE-2024-5334

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-5334
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5334.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-5334
Published
2024-06-27T18:15:20Z
Modified
2025-01-08T02:47:21Z
Summary
[none]
Details

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshotpath' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

References

Affected packages

Git / github.com/stitionai/devika

Affected ranges

Type
GIT
Repo
https://github.com/stitionai/devika
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed