CVE-2024-40422

Published: Jul 24, 2024

Modified: Jan 29, 2025

PUBLISHED

Description

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/stitionai/devika

https://github.com/stitionai/devika/pull/619

https://github.com/alpernae/CVE-2024-40422

https://medium.com/@alpernae/uncovering-path-traversal-in-devika-v1-a-deep-dive-into-cve-2024-40422-f8ce81398b99

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-40422

Description

Affected Products

References