CVE-2024-0195

Name of the Vulnerable Software and Affected Versions spider-flow version 0.4.3

Description A critical vulnerability was found in spider-flow, affecting the FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. This vulnerability leads to code injection and can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For spider-flow version 0.4.3, consider disabling the FunctionService.saveFunction function until a patch is available to prevent code injection attacks. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the affected function in the API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.