CVE-2024-40422

Name of the Vulnerable Software and Affected Versions stitutionai devika version v1

Description The issue concerns a path traversal attack through the snapshot path parameter in the "/api/get-browser-snapshot" endpoint. This allows an attacker to manipulate the snapshot path parameter, traverse directories, and access sensitive files on the server, potentially leading to unauthorized access to critical system files and compromising the confidentiality and integrity of the system.

Recommendations For stitionai devika version v1, consider restricting access to the "/api/get-browser-snapshot" endpoint until a patch is available, and avoid using the snapshot path parameter in this endpoint to minimize the risk of exploitation.