CVE-2024-0195
MEDIUM · NUCLEI
Ssssssss Spider-flow - Code Injection
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
Exploits (5)
nomisec
SCANNER
1 star
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2024-0195
nomisec
WORKING POC
by hack-with-rohit · poc
https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow
Nuclei Templates (1)
SpiderFlow Crawler Platform - Remote Code Execution
CRITICAL · VERIFIED · by pussycat0x
FOFA:
app="SpiderFlow" || app="spiderflow"
Scores
CVSS v3: 6.3
EPSS: 0.9198
EPSS Percentile: 99.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE: CWE-94
Status: published
Products (1): ssssssss/spider-flow 0.4.3
Published: Jan 02, 2024
Tracked Since: Feb 18, 2026