Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal in stitionai/devika
Vulnerability Description
A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and access files outside the intended directory. This could lead to unauthorized access to sensitive files on the server.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Devika 路径遍历漏洞
Vulnerability Description
Devika是一名高级人工智能软件工程师,能够理解高级人类指令,将其分解为步骤,研究相关信息,并编写代码以实现既定目标。 Devika 存在路径遍历漏洞,该漏洞源于应用存在相对路径遍历漏洞。
CVSS Information
N/A
Vulnerability Type
N/A