High

devika

Local File Read via Prompt Injection

A vulnerability in the `devika` project using Google Gimini 1.0 Pro allows for local file read via prompt injection. The affected version is the main branch as of May 2nd, 2024, commit cdfb782b0e634b773b10963c8034dc9207ba1f9f. The issue has not yet been patched.

Available publicly on Aug 04 2024

7.5

CVE:

CVE-2024-6331

CWE:

74:Injection

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

zpbrent
AssessDetect

Premium

Remediate
Remediation Steps
  • Update the safety settings in devika to use HarmBlockThreshold.BLOCK_LOW_AND_ABOVE for HarmCategory.HARM_CATEGORY_HATE_SPEECH and HarmCategory.HARM_CATEGORY_HARASSMENT.
  • Review and sanitize user inputs to prevent prompt injection.
  • Regularly update dependencies and apply security patches.
  • Monitor logs for any suspicious activity that may indicate exploitation attempts.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.