Unknown · Stitionai/Devika · CVE-2024-40422
**Name of the Vulnerable Software and Affected Versions**
stitionai devika version v1
**Description**
The issue is a path traversal vulnerability through the `snapshot path` parameter of the "/api/get-browser-snapshot" endpoint. An attacker who controls the `snapshot path` value can traverse outside the intended directory and access sensitive files on the server, potentially exposing critical system files and compromising the confidentiality and integrity of the system.
**Recommendations**
For stitionai devika version v1, consider restricting access to the "/api/get-browser-snapshot" endpoint until a patch is available, and avoid using the `snapshot path` parameter in this endpoint to minimize the risk of exploitation.