Severity: High

Project: devika

Directory Traversal Vulnerability in Download Endpoint

A directory traversal vulnerability exists in the latest version of devika: the download endpoint builds a filesystem path from the user-supplied 'project_name' parameter without validating it, so an attacker who supplies traversal sequences can download arbitrary files from the server. No fixed release version has been published.

Published: Jun 27 2024

Score: 7.5

Remediation Steps
  • Validate and sanitize the 'project_name' parameter so it cannot contain directory traversal sequences (e.g., '../'), absolute paths, or path separators.
  • Implement a whitelist of allowed project names or directories and reject any name not on it.
  • Use path-handling functions that resolve the final path and confirm it still lies inside the intended base directory, rather than joining user input into a path directly.
  • Conduct a thorough security review of the codebase to identify and fix similar vulnerabilities in other endpoints that build paths from request parameters.
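The following is an added example illustrating the remediation steps above; it is not devika's own code, and the projects directory, the endpoint helper names and the sample project names are assumptions. It shows the naive path join that lets '../' escape the base directory beside a hardened builder that applies a name whitelist, an optional allow-list of known projects, and a final resolved-path containment check.

```python
"""Added example (not devika's code): naive vs. hardened path building
for a download endpoint that takes a 'project_name' parameter."""
import os
import re
from pathlib import Path

# Assumed layout: each project lives in a subdirectory of PROJECTS_DIR.
PROJECTS_DIR = Path("/var/devika/projects")  # hypothetical location

# Whitelist pattern: letters, digits, dash, underscore only.
# No dots, slashes, backslashes or NUL bytes can pass this.
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def vulnerable_project_path(project_name: str) -> Path:
    """Naive join, as the vulnerable pattern: '../' walks out of
    PROJECTS_DIR, and an absolute project_name replaces it entirely."""
    return Path(os.path.join(str(PROJECTS_DIR), project_name))


def is_traversal(project_name: str) -> bool:
    """True when the naive join lands outside PROJECTS_DIR after
    normalisation (what an attacker-controlled name would achieve)."""
    base = PROJECTS_DIR.resolve()
    candidate = Path(os.path.normpath(vulnerable_project_path(project_name)))
    try:
        candidate.relative_to(base)  # raises ValueError if not under base
        return False
    except ValueError:
        return True


def check_project_name(project_name: str, allowed=None) -> bool:
    """Syntactic whitelist plus optional allow-list of known projects."""
    if not _NAME_RE.fullmatch(project_name):
        return False
    if allowed is not None and project_name not in allowed:
        return False
    return True


def safe_project_path(project_name: str, allowed=None) -> Path:
    """Hardened builder: reject bad names up front, then verify the
    resolved path is still inside PROJECTS_DIR (defence in depth)."""
    if not check_project_name(project_name, allowed):
        raise ValueError("invalid project name")
    base = PROJECTS_DIR.resolve()
    target = (base / project_name).resolve()
    target.relative_to(base)  # final containment check; raises on escape
    return target


if __name__ == "__main__":
    # Constructed inputs: one legitimate name, two traversal attempts.
    for name in ("demo-project", "../../../etc/passwd", "/etc/passwd"):
        print(f"{name!r}: naive escapes base = {is_traversal(name)}, "
              f"accepted by whitelist = {check_project_name(name)}")
```

The final `relative_to` check matters even after the regex: it catches a symlink planted inside the projects directory that points elsewhere, and it keeps the endpoint safe if someone later loosens the whitelist. Passing `allowed` (for example, the set of directory names actually present under the projects folder) implements the explicit allow-list from the remediation steps.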
Patch Details
  • Fixed Version: -
  • Patch Commit: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2