A Cross-Site Request Forgery (CSRF) vulnerability exists in stitionai/devika due to a loosely set CORS policy. This vulnerability allows an attacker to exploit any API endpoint if the user hosting the server visits an attacker-controlled website. The impact includes the ability to read and write files on the system, create or delete projects, and change settings. However, it does not allow sending messages or commands to the model via…Read More