CVE-2024-5547

Source
https://cve.org/CVERecord?id=CVE-2024-5547
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5547.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-5547
Published
2024-06-27T17:33:35.488Z
Modified
2026-07-11T04:03:23.534533180Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Directory Traversal in stitionai/devika
Details

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. The vulnerability arises due to insufficient sanitization of the 'projectname' parameter in the downloadprojectpdf function. Attackers can exploit this flaw by manipulating the 'projectname' parameter in a GET request to traverse the directory structure and download arbitrary PDF files from the system. This issue allows attackers to access sensitive information that could be stored in PDF format outside the intended directory.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/5xxx/CVE-2024-5547.json",
    "cwe_ids": [
        "CWE-23"
    ],
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/stitionai/devika

Affected ranges

Type
GIT
Repo
https://github.com/stitionai/devika
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5547.json"