Описание
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00166
Низкий
8.1 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
Cross-Site Request Forgery (CSRF) in stitionai/devika
EPSS
Процентиль: 38%
0.00166
Низкий
8.1 High
CVSS3
Дефекты
CWE-352