Database Path Traversal Vulnerability Discovered in Stationai/devika GitHub Repository
CVE-2024-6433
Currently unrated
Summary
The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path parameter.
References
Timeline
Vulnerability published