PT-2025-12161 · Devika · Devika

Published: 2025-03-20 · Updated: 2025-03-20 · CVE-2024-5752

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

stitionai/devika version beacf6edaa205a5a5370525407a6db45137873b3

Description

A path traversal issue exists in the project creation functionality, where the project name is not validated. This allows an attacker to create a project with a crafted name that traverses directories, potentially leading to arbitrary file overwrite when the application generates code and saves it to the specified project directory. This could result in remote code execution.

Recommendations

For version beacf6edaa205a5a5370525407a6db45137873b3, consider validating project names to prevent directory traversal, and ensure that generated code is saved to a secure, non-accessible location until a patch is available. As a temporary workaround, restrict the project creation functionality to authorized users only.
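One way to implement the project-name validation recommended above, as an added example that is not Devika's own code. The names `NAME_RE`, `UnsafePath`, `safe_project_dir`, `save_generated_file` and `classify`, and the allow-list policy itself, are assumptions; the check on the file path inside the project goes one step beyond the project-name case the advisory describes.

```python
import re
from pathlib import Path

# Assumed allow-list policy for project names; not taken from Devika's code.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}")


class UnsafePath(ValueError):
    """A project name or file path would land outside its allowed directory."""


def safe_project_dir(projects_root: Path, name: str) -> Path:
    """Map an untrusted project name to a direct child of projects_root."""
    # Layer 1: allow-list. No separators, NUL bytes, leading dots or empty names.
    if not NAME_RE.fullmatch(name) or name.endswith((".", " ")):
        raise UnsafePath(f"rejected project name: {name!r}")
    # Layer 2: resolve symlinks, then require the result to sit directly in root.
    root = projects_root.resolve()
    candidate = (root / name).resolve()
    if candidate.parent != root:
        raise UnsafePath(f"project path escapes root: {name!r}")
    return candidate


def save_generated_file(projects_root: Path, project: str,
                        rel_path: str, content: str) -> Path:
    """Write generated code, refusing any target outside the project directory."""
    project_dir = safe_project_dir(projects_root, project)
    target = (project_dir / rel_path).resolve()
    if project_dir not in target.parents:
        raise UnsafePath(f"file path escapes project: {rel_path!r}")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target


def classify(projects_root: Path, names: list) -> dict:
    """Return {name: True if accepted, False if rejected} for a batch of names."""
    verdicts = {}
    for name in names:
        try:
            safe_project_dir(projects_root, name)
            verdicts[name] = True
        except UnsafePath:
            verdicts[name] = False
    return verdicts

# Constructed sample names, for illustration only.
SAMPLES = ["todo-app", "My Project 2", "../outside", "..", "a/b", "/tmp/x", ""]
```

The allow-list alone stops separator-based traversal; the resolve-and-compare step also catches a project entry that is a symlink pointing outside the root.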

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-5752

Affected Products

Devika