CVE-2024-40422

July 24, 2024, 5:12 p.m.

Tags

cve@mitre.org
2024-07-24
CVE-2024-40422

Product(s) Impacted

stitionai devika v1

Description

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

Weaknesses

Date

Published: July 24, 2024, 4:15 p.m.

Last Modified: July 24, 2024, 5:12 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://github.com/alpernae/CVE-2024-40422
cve@mitre.org
https://github.com/stitionai/devika
cve@mitre.org
https://github.com/stitionai/devika/pull/619
cve@mitre.org