CVE-2023-5016

Name of the Vulnerable Software and Affected Versions spider-flow versions up to 0.5.0

Description A critical issue has been found, affecting the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java in the API component. This issue leads to deserialization and can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For versions up to 0.5.0, consider disabling the DriverManager.getConnection function as a temporary workaround until a patch is available. Restrict access to the DataSourceController.java file to minimize the risk of exploitation. Avoid using the affected API component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.