← Back to CVE List

CVE-2024-5548

Published: 2024-06-27T18:15Z
Last Modified: 2024-11-21T09:47Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and access files outside the intended directory. This could lead to unauthorized access to sensitive files on the server. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt