PT-2024-37182 · Devika · Devika

Published: 2024-06-27 · Updated: 2025-07-15 · CVE-2024-5820

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: stitutionai/devika version ecee79f
Description: The issue arises from an unprotected WebSocket connection, allowing a malicious website to connect to the backend and issue commands on behalf of the user. This enables the malicious website to intercept all communication between the user and the backend, potentially leading to unauthorized command execution and server-side request forgery.
Recommendations: For version ecee79f, consider restricting access to the WebSocket connection to prevent malicious websites from intercepting communication and issuing unauthorized commands. As a temporary workaround, disabling the WebSocket connection until a proper fix is implemented can help minimize the risk of exploitation.
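One way to implement the recommended restriction, as an added illustration that is not Devika's code: refuse any WebSocket handshake whose Origin header is not on an explicit allowlist, so an arbitrary website open in the user's browser cannot open a socket to the backend. The allowlist values and the header-dictionary shape are assumptions.

```python
"""Origin allowlist check for a WebSocket handshake (added example, not Devika's code).

Browsers attach an Origin header to every WebSocket handshake and the server
may refuse the upgrade based on it. Comparing that header against the origins
the frontend is actually served from blocks cross-site WebSocket hijacking,
which is the attack path described in the advisory above.
"""
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Hypothetical allowlist: only the origins that legitimately serve the UI.
ALLOWED_ORIGINS = {"http://localhost:3000", "http://127.0.0.1:3000"}


def normalize_origin(origin: str) -> Optional[str]:
    """Reduce an Origin value to scheme://host[:port]; None if it is unparsable."""
    parts = urlsplit(origin.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    port = port or default_port
    host = parts.hostname.lower()
    if port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed(headers: Dict[str, str],
                   allowed: Iterable[str] = ALLOWED_ORIGINS) -> bool:
    """Return True only for a handshake whose Origin is on the allowlist.

    A missing Origin is rejected as well: browsers always send it, so its
    absence means the request did not come from a page this backend serves.
    Header names are matched case-insensitively, as HTTP requires.
    """
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is None:
        return False
    norm = normalize_origin(origin)
    if norm is None:
        return False
    allowed_norm = {normalize_origin(a) for a in allowed}
    return norm in allowed_norm
```

Apply the check before accepting the upgrade, and keep the allowlist explicit rather than wildcarding it, since a `*` setting reproduces the original exposure.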

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-5820

Affected Products: Devika