{"data":{"id":"d4bc1430-a27d-4b78-a613-4b33ec2ece85","title":"CVE-2024-6331: stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI)","summary":"A vulnerability in the stitionai/devika AI project allows attackers to read sensitive files on a computer through prompt injection (tricking an AI by hiding malicious instructions in its input). The problem occurs because Google Gemini's safety filters, which normally prevent harmful outputs, were disabled, leaving the system open to commands like reading `/etc/passwd` (a file containing user account information).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-6331","publishedAt":"2024-08-04T00:15:47.863Z","cveId":"CVE-2024-6331","cweIds":["CWE-74","CWE-74"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["stitionai/devika","Google Gemini 1.0 Pro"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}