High severity7.5NVD Advisory· Published Jun 27, 2024· Updated Jun 17, 2026
CVE-2024-5548
CVE-2024-5548
Description
A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Attackers can exploit this vulnerability by manipulating the 'project_name' parameter in a GET request to download arbitrary files from the system. This issue affects the latest version of the repository. The vulnerability arises due to insufficient input validation in the 'download_project' function, allowing attackers to traverse the directory structure and access files outside the intended directory. This could lead to unauthorized access to sensitive files on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- stitionai/stitionai/devikav5Range: unspecified
Patches
Vulnerability mechanics
References
2- github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2nvdPatch
- huntr.com/bounties/ad7dd135-8839-4042-87c0-105af61d262cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.