Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unprotected WebSocket in stitionai/devika
Vulnerability Description
An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all communication between the user and the backend. This vulnerability can lead to unauthorized command execution and potential server-side request forgery.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
devika 安全漏洞
Vulnerability Description
Devika是Stition AI的一位高级 AI 软件工程师,可以理解高级人类指令,将它们分解为步骤,研究相关信息,并编写代码以实现给定的目标。 devika 存在安全漏洞,该漏洞源于UI 和后端之间未有效保护 websocket。
CVSS Information
N/A
Vulnerability Type
N/A