CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-11 20:52:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c052d0d6949679697108fa931a00cd4220694869
CVEs-PoC/2024/CVE-2024-6331.md
T
0xMarcio c24be57ea5 Update CVE sources 2024-08-31 19:52
2024-08-31 19:52:39 +00:00

1.1 KiB
Raw Blame History

CVE-2024-6331

Description

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gimini 1.0 Pro with HarmBlockThreshold.BLOCK_NONE for HarmCategory.HARM_CATEGORY_HATE_SPEECH and HarmCategory.HARM_CATEGORY_HARASSMENT in safety_settings disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like /etc/passwd.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink