Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in stitionai/devika
Vulnerability Description
A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. The vulnerability arises due to insufficient path sanitization for the 'project-name' parameter, enabling attackers to specify paths that traverse the filesystem. By setting 'project-name' to the root directory, an attacker can cause the application to attempt to read the entire filesystem, leading to a DoS condition.
CVSS Information
N/A
Vulnerability Type
路径遍历:’..filename’
Vulnerability Title
Devika 安全漏洞
Vulnerability Description
Devika是Stition AI的一位高级 AI 软件工程师,可以理解高级人类指令,将它们分解为步骤,研究相关信息,并编写代码以实现给定的目标。 Devika 存在安全漏洞,该漏洞源于存在路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A