Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local File Inclusion (LFI) in stitionai/devika
Vulnerability Description
The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file, such as /etc/passwd. This can lead to unauthorized access to sensitive information and potential server compromise.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Devika 访问控制错误漏洞
Vulnerability Description
Devika是Stition AI的一位高级 AI 软件工程师,可以理解高级人类指令,将它们分解为步骤,研究相关信息,并编写代码以实现给定的目标。 Devika存在访问控制错误漏洞。攻击者利用该漏洞可进行未经授权的访问或操作。
CVSS Information
N/A
Vulnerability Type
N/A