.png)
1 month ago
43 BOOK THIS SPACE FOR AD
ARTICLE AD
CVE-2024–0195 is a critical vulnerability identified in spider-flow version 0.4.3. The issue arises from improper control in the FunctionService.saveFunction method located in FunctionController.java, which leads to code injection vulnerabilities. This flaw allows attackers to execute arbitrary code on the affected system, potentially leading to a complete system compromise.
CVE: CVE-2024–0195Severity: Critical
CVSS Score: 9.8(Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness: CWE-94 - Improper Control of Generation of Code ('Code Injection')
The impact of this vulnerability is severe. It allows for remote code execution on the server hosting the vulnerable spider-flow application. An attacker exploiting this vulnerability could potentially:
1. Fully compromise the server
2. Steal sensitive data
3. Install malware or crypto miners
4. Use the compromised server as a launching point for further attacks within the network The vulnerability critically impacts the confidentiality, integrity, and availability of both the application and the server.
Bengali (Bangladesh) · 
English (United States) ·