fkie_cve-2024-5752
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-03-20 10:15
Severity
Summary
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses directories. This can lead to arbitrary file overwrite when the application generates code and saves it to the specified project directory, potentially resulting in remote code execution.
Impacted products
Vendor Product Version
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses directories. This can lead to arbitrary file overwrite when the application generates code and saves it to the specified project directory, potentially resulting in remote code execution."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de path traversal en stitionai/devika, espec\u00edficamente en la funci\u00f3n de creaci\u00f3n de proyectos. En la versi\u00f3n afectada (beacf6edaa205a5a5370525407a6db45137873b3), el nombre del proyecto no est\u00e1 validado, lo que permite a un atacante crear un proyecto con un nombre manipulado que recorra directorios. Esto puede provocar la sobrescritura arbitraria de archivos cuando la aplicaci\u00f3n genera c\u00f3digo y lo guarda en el directorio de proyecto especificado, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2024-5752",
  "lastModified": "2025-03-20T10:15:32.733",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-20T10:15:32.733",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://huntr.com/bounties/865b5f44-ef75-4243-a5f1-2f0d895353b1"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    }
  ]
}