Количество 2
Количество 2
CVE-2024-5821
The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file, such as /etc/passwd. This can lead to unauthorized access to sensitive information and potential server compromise.
GHSA-f8j4-pwp4-c58m
Improper Access Control in stitionai/devika
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-5821 The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. When a user requests the content of a file with a misspelled name, the agent attempts to correct the command and inadvertently reveals the content of the intended file, such as /etc/passwd. This can lead to unauthorized access to sensitive information and potential server compromise. | CVSS3: 6.2 | 0% Низкий | больше 1 года назад |
| GHSA-f8j4-pwp4-c58m Improper Access Control in stitionai/devika | CVSS3: 6.2 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу