Stitionai Devika
11 CVEs affecting Stitionai Devika. Latest disclosed: 2024-08-14. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-40422 | Critical | 9.1 | 2024-07-24 | The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipul… |
| CVE-2024-5926 | Critical | 9.1 | 2024-06-30 | A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and caus… |
| CVE-2024-5820 | High | 8.8 | 2024-06-27 | An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue c… |
| CVE-2024-5549 | High | 8.1 | 2024-07-09 | A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings contain… |
| CVE-2024-5712 | High | 8.1 | 2024-06-28 | A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows a… |
| CVE-2024-6331 | High | 7.5 | 2024-08-04 | stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration… |
| CVE-2024-5548 | High | 7.5 | 2024-06-27 | A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit th… |
| CVE-2024-5547 | High | 7.5 | 2024-06-27 | A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vuln… |
| CVE-2024-5334 | High | 7.5 | 2024-06-27 | A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the '… |
| CVE-2024-7790 | Medium | 6.5 | 2024-08-14 | A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. |
| CVE-2024-5711 | Medium | 6.1 | 2024-07-08 | A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat in… |