A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.249510 | Third Party Advisory |
https://vuldb.com/?id.249510 | Third Party Advisory |
Configurations
History
09 Jan 2024, 02:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ssssssss
Ssssssss spider-flow |
|
References | () https://vuldb.com/?ctiid.249510 - Third Party Advisory | |
References | () https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?id.249510 - Third Party Advisory | |
CPE | cpe:2.3:a:ssssssss:spider-flow:0.4.3:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-94 |
02 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-02 21:15
Updated : 2024-05-17 02:34
NVD link : CVE-2024-0195
Mitre link : CVE-2024-0195
CVE.ORG link : CVE-2024-0195
JSON object : View
Products Affected
ssssssss
- spider-flow
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')