2024-06-27 17:33:24
@huntr_ai
PUBLISHED
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the snapshot_path parameter in the /api/get-browser-snapshot endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious snapshot_path parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.