
CVE-2024-40422 PoC — Devika Security Vulnerability

Associated Vulnerability
Title: Devika Security Vulnerability (CVE-2024-40422)
Description: Devika is an open-source advanced AI software engineer from stition. It can understand high-level human instructions, break them down into steps, research relevant information, and write code to achieve the given goal. Devika v1 has a security vulnerability: it is susceptible to a path traversal attack, allowing an attacker to manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server.
Description
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
File Snapshot

id: CVE-2024-40422
info:
  name: Devika v1 - Path Traversal
  author: s4e-io,alpernae
  severity: c ...