Description

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'project_name' parameter in the download_project_pdf function. Attackers can exploit this flaw by manipulating the 'project_name' parameter in a GET request to traverse the directory structure and download arbitrary PDF files from the system. This issue allows attackers to access sensitive information that could be stored in PDF format outside the intended directory.

INFO

Published Date :

2024-06-27T17:33:35.488Z

Last Modified :

2024-08-01T21:18:06.450Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5547 vulnerability.

Vendors Products
Stitionai
  • Devika
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5547.

URL Resource
https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 cve-icon cve-icon cve-icon
https://huntr.com/bounties/7ea0eb5f-7643-4452-bc93-a225e2090283 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact