Description
The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path parameter.
EPSS: 0.00407 (Low), percentile: 61%
CVSS3: 7.5 High
Weaknesses: CWE-23
Related vulnerabilities
CVSS3: 7.5
github
more than 1 year ago
Relative Path Traversal in GitHub repository stitionai/devika prior to -.