How severe is CVE-2024-5334?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-5334?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-5334 - HIGH Severity | CVSS 7.5

Vulnerability Description

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

Related Vulnerabilities

CVE-2018-14820

HIGH

CVSS:7.5(High)

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

CWE-732018

CVE-2018-7495

HIGH

CVSS:7.5(High)

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce...

CWE-732018

CVE-2021-21343

HIGH

CVSS:7.5(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type informat...

CWE-732021

CVE-2021-3845

HIGH

CVSS:7.5(High)

ws-scrcpy is vulnerable to External Control of File Name or Path

CWE-732021

CVE-2022-42732

HIGH

CVSS:7.5(High)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could...

CWE-732022

CVE-2022-42733

HIGH

CVSS:7.5(High)

CWE-732022