
[Security Bug] Path Traversal Vulnerability in the API.

Open slash0x99 opened this issue 11 months ago • 2 comments

Describe the bug


When performing static code analysis, if a parameter received in the API is forwarded directly to the user without validation, a critical vulnerability arises. In the Devika.py file, the /api/get-browser-snapshot endpoint takes the query from the request and sends the specified file to the user. Since there is no filtering or additional validation, any file can be sent to the user.

PoC


The vulnerability arises as you can see from below.

  • Vulnerable Endpoint: localhost:1337/api/get-browser-snapshot?snapshot_path=
  • Payload: ../../../../../../etc/passwd

Url: Image

File Content: Image

Vulnerable Code Snippet: Image

Mitigation


  • https://owasp.org/www-community/attacks/Path_Traversal
  • https://brightsec.com/blog/directory-traversal-mitigation/
  • https://portswigger.net/web-security/file-path-traversal

slash0x99 avatar Jan 29 '25 10:01 slash0x99
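One way to implement the containment check that the Mitigation links describe, as an added example that is not Devika's code and not part of the original issue. `resolve_snapshot`, `UnsafePath` and the `snapshots` directory are hypothetical names, and all inputs are constructed in a temporary directory.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a requested path resolves outside the allowed directory."""

def resolve_snapshot(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` only if it stays inside `base_dir`."""
    if not requested or "\x00" in requested:
        raise UnsafePath("empty path or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check is made on the
    # file that would actually be opened, not on the string as typed.
    # os.path.join discards `base` when `requested` is absolute; the
    # containment check below rejects that case as well.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so a sibling such as
    # "snapshots_old" does not pass the way a startswith() test would allow.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{requested!r} escapes {base_dir!r}")
    if not os.path.isfile(candidate):
        raise UnsafePath("not a regular file")
    return candidate

def demo() -> dict:
    """Run the check over constructed inputs in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "snapshots")  # hypothetical snapshot dir
        os.mkdir(base)
        with open(os.path.join(base, "shot.png"), "wb") as fh:
            fh.write(b"constructed sample")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("outside the snapshot directory")
        # Symlink that lives inside the base but points outside it.
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.png"))
        for name in ("shot.png", "sub/../shot.png", "../secret.txt",
                     "../../../../../../etc/passwd", "/etc/passwd", "link.png"):
            try:
                resolve_snapshot(base, name)
                results[name] = "served"
            except UnsafePath:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

A request handler would call `resolve_snapshot` on the `snapshot_path` value before opening anything and return an error response when `UnsafePath` is raised.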

Hey @slash0x99, I already submitted that issue and also created a pull request for it, but no response! I assume they abandoned the project.

CVE-2024-40422

alpernae avatar Oct 18 '25 19:10 alpernae

Yes, it is no longer in maintenance.

Rawknee-69 avatar Oct 21 '25 15:10 Rawknee-69