Description

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`.

INFO

Published Date :

2024-08-04T00:00:15.148Z

Last Modified :

2024-08-30T15:27:54.554Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6331 vulnerability.

Vendors Products
Stitionai
  • Devika
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6331.

URL Resource
https://huntr.com/bounties/d5ac1051-22fa-42f0-8d82-73267482e60f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact