ГлавнаяУязвимости → CVE-2024-5712
8.1высокая

CVE-2024-5712

Описание

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data.

Затрагиваемое ПО
Stitionai Devika
CVSS
Балл8.1 — высокая
ВекторCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Источники
https://huntr.com/bounties/301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4https://huntr.com/bounties/301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4