FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-5334

External Control of File Name or Path (CWE-73)

Published: Jun 27, 2024 / Updated: 4mo ago

010
High Severity
(Estimated)
EPSS 0.04%
CVE info copied to clipboard

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

Timeline

CVE Assignment

NVD published the first details for CVE-2024-5334

Jun 27, 2024 at 6:15 PM
First Article

Feedly found the first article mentioning CVE-2024-5334. See article

Jun 27, 2024 at 6:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 27, 2024 at 6:35 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.1%)

Jun 28, 2024 at 9:57 AM
Static CVE Timeline Graph

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-13: Subverting Environment Variable Values
+null more

News

NA - CVE-2024-5334 - External Control of File Name or Path in GitHub...
Security-Database Alerts Monitor : Last 100 Alerts / 4mo
% Id Name 100 % CWE-73 External Control of File Name or Path External Control of File Name or Path in GitHub repository stitionai/devika prior to -.
CVE-2024-5334 | stitionai devika file inclusion
VulDB Recent Entries / 4mo
A vulnerability classified as problematic was found in stitionai devika . This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2024-5334 . The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
CVE-2024-5334 - External Control of File Name or Path in GitHub re
Latest Vulnerabilities / 4mo
CVE ID : CVE-2024-5334 Published : June 27, 2024, 6:15 p.m. 19 minutes ago Description : External Control of File Name or Path in GitHub repository stitionai/devika prior to -. Severity: 7.5 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-5334
Vulners.com RSS Feed / 4mo
External Control of File Name or Path in GitHub repository stitionai/devika prior to...
CVE-2024-5334
National Vulnerability Database / 4mo
External Control of File Name or Path in GitHub repository stitionai/devika prior to -.

CVSS V3.1

Unknown

Categories

CWE-73(152)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial