Stitionai Devika

11 CVEs affecting Stitionai Devika. Latest disclosed: 2024-08-14. Critical: 2, High: 7.

Top CVEs affecting Stitionai Devika
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-40422 | Critical | 9.1 | 2024-07-24 | The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipul… |
| CVE-2024-5926 | Critical | 9.1 | 2024-06-30 | A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and caus… |
| CVE-2024-5820 | High | 8.8 | 2024-06-27 | An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue c… |
| CVE-2024-5549 | High | 8.1 | 2024-07-09 | A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings contain… |
| CVE-2024-5712 | High | 8.1 | 2024-06-28 | A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows a… |
| CVE-2024-6331 | High | 7.5 | 2024-08-04 | stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration… |
| CVE-2024-5548 | High | 7.5 | 2024-06-27 | A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit th… |
| CVE-2024-5547 | High | 7.5 | 2024-06-27 | A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vuln… |
| CVE-2024-5334 | High | 7.5 | 2024-06-27 | A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the '… |
| CVE-2024-7790 | Medium | 6.5 | 2024-08-14 | A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. |
| CVE-2024-5711 | Medium | 6.1 | 2024-07-08 | A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat in… |