CVE-2024-0195

MEDIUM NUCLEI

spider-flow 0.4.3 - Remote Code Execution via FunctionService.saveFunction

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-0195. PoCs published by gh-ost00, Cappricio-Securities, hack-with-rohit. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2024-0195, demonstrating remote code execution in SpiderFlow 0.4.3 via code injection in the FunctionService.saveFunction endpoint. The YAML file includes a Nuclei template with a crafted POST request to trigger RCE.

Description

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.

Exploits (4)

nomisec WORKING POC 5 stars

by gh-ost00 · poc

https://github.com/gh-ost00/CVE-2024-0195-SpiderFlow

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-0195, demonstrating remote code execution in SpiderFlow 0.4.3 via code injection in the FunctionService.saveFunction endpoint. The YAML file includes a Nuclei template with a crafted POST request to trigger RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SpiderFlow 0.4.3

No auth needed

Prerequisites: Access to the vulnerable SpiderFlow instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SCANNER 1 stars

by Cappricio-Securities · poc

https://github.com/Cappricio-Securities/CVE-2024-0195

View Code ZIP pw:eip

This repository contains a Python-based scanner for detecting CVE-2024-0195, a vulnerability that appears to involve command injection via a crafted payload. The tool checks for the presence of the vulnerability by sending a specific payload and analyzing the response for an error message indicating successful exploitation.

Classification

Scanner 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a web application with a specific endpoint vulnerable to command injection)

No auth needed

Prerequisites: A target URL or list of URLs to scan · Python 3 environment with required dependencies

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by hack-with-rohit · poc

https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-0195, targeting SpiderFlow's code injection vulnerability in the FunctionService.saveFunction function. The YAML file includes HTTP requests to trigger RCE via crafted payloads, and the README provides technical details and exploitation steps.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SpiderFlow 0.4.3

No auth needed

Prerequisites: Network access to the vulnerable SpiderFlow instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/fa-rrel/cve-2024-0195-spiderflow

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-0195, demonstrating remote code execution in SpiderFlow 0.4.3 via code injection in the FunctionService.saveFunction endpoint. The YAML file includes HTTP requests to trigger the vulnerability, and the README provides technical details and a PoC.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SpiderFlow 0.4.3

No auth needed

Prerequisites: Network access to the vulnerable SpiderFlow instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

Nuclei Templates (1)

SpiderFlow Crawler Platform - Remote Code Execution

CRITICALVERIFIEDby pussycat0x

FOFA: app="SpiderFlow" || app="spiderflow"

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.249510

Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.249510

Exploit, Third Party Advisory broken-link exploit

https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md

Scores

CVSS v3 6.3

EPSS 0.9170

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

ssssssss/spider-flow 0.4.3

Published Jan 02, 2024

Tracked Since Feb 18, 2026