Describe the bug
When performing static code analysis, if a parameter received in the API is forwarded directly to the user without validation, a critical vulnerability arises. In the Devika.py file, the /api/get-browser-snapshot endpoint takes the query from the request and sends the specified file to the user. Since there is no filtering or additional validation, any file can be sent to the user.
PoC
The vulnerability arises as you can see from below.
Url:
![Image](https://private-user-images.githubusercontent.com/87544644/407694156-00f8d317-b345-461b-9c1a-42db937edf28.png)
File Content:
![Image](https://private-user-images.githubusercontent.com/87544644/407694824-2a3999ad-c8b6-4bfd-bba2-64c4a49e97f8.png)
Vulnerable Code Snippet:
![Image](https://private-user-images.githubusercontent.com/87544644/407695024-b81b4422-c8f0-4997-a1a5-c25ad1986583.png)
Mitigation
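One way to add the missing validation the issue describes, confining a request-supplied file name to a single snapshot directory. This is an added example, not code from the issue or from the Devika code base; the function names, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class SnapshotPathError(ValueError):
    """Requested path is outside the snapshot directory or not a regular file."""

def safe_resolve(base_dir: str, requested: str) -> Path:
    """Return a regular file located inside base_dir, or raise SnapshotPathError."""
    if not requested or "\x00" in requested:
        raise SnapshotPathError("empty or malformed path")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so containment is checked
    # on the real location. An absolute `requested` replaces `base` in the join
    # and is then rejected by the same check.
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise SnapshotPathError("path escapes snapshot directory")
    if not candidate.is_file():
        raise SnapshotPathError("not a regular file")
    return candidate

def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as root:
        snaps = Path(root, "snapshots")
        snaps.mkdir()
        (snaps / "shot1.png").write_bytes(b"constructed image bytes")
        outside = Path(root, "config.toml")
        outside.write_text("constructed secret")
        os.symlink(outside, snaps / "link.png")
        requests = {"plain": "shot1.png", "dotdot": "../config.toml",
                    "absolute": str(outside), "symlink": "link.png",
                    "missing": "nope.png"}
        for label, value in requests.items():
            try:
                safe_resolve(str(snaps), value)
                outcomes[label] = "served"
            except SnapshotPathError as exc:
                outcomes[label] = str(exc)
    return outcomes

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:9} -> {outcome}")
```

The handler would pass only the path returned by `safe_resolve` to its file-sending call and answer a `SnapshotPathError` with a 4xx response. If the endpoint is served by Flask (an assumption, the issue does not name the framework), `flask.send_from_directory` applies a comparable containment check.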