216.73.217.176

CVE-2024-40422

· Published 24/07/2024 16:15 · Modified 24/07/2024 17:12

Labels: CVE-2024-40422 2024-07-24CVE-2024-40422[email protected]

Essential information

Published
24/07/2024 16:15
Modified
24/07/2024 17:12
Author
Creator
CISA KEV
No
CWE

Description

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References