References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2

https://huntr.com/bounties/ad7dd135-8839-4042-87c0-105af61d262c

Path Traversal in GitHub repository stitionai/devika prior to -.

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and acc

Path Traversal in GitHub repository stitionai/devika prior to -.

huntr.dev AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

huntr.dev CWE-22

huntr.dev https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 [No types assigned]

huntr.dev https://huntr.com/bounties/ad7dd135-8839-4042-87c0-105af61d262c [No types assigned]