Sightline

High

devika

Directory Traversal Vulnerability in Download Endpoint

A directory traversal vulnerability exists in the latest version of the software, allowing attackers to download any file from the system. This issue has not yet been patched.

Available publicly on Jun 27 2024 | Available with Premium on Jun 08 2024

CVE:

CVE-2024-5548

CWE:

22:Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

ranjit-git

Assess Detect

Premium

Remediate

Remediation Steps

Validate and sanitize the 'project_name' parameter to ensure it does not contain directory traversal sequences (e.g., '../').
Implement a whitelist of allowed project names or directories.
Use secure functions to handle file paths and avoid direct manipulation of user input.
Conduct a thorough security review of the codebase to identify and fix similar vulnerabilities.

Patch Details

Fixed Version: -
Patch Commit: https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2

Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 433- related security advisories that are available with Sightline Premium.