CVE-2024-5334

HIGH

CVSS v3

7.5

HIGH

EPSS Score

62.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

Technical Details

Published
6/27/2024

Frequently Asked Questions

What is CVE-2024-5334?

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

Is CVE-2024-5334 actively exploited?

Active exploitation of CVE-2024-5334 has not been confirmed. The EPSS score is 62.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-5334?

CVE-2024-5334 has a CVSS v3 base score of 7.5 (HIGH severity).

Is CVE-2024-5334 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.