
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jan 2024 — A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. • https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 96% • CPEs: 1 • EXPL: 6

02 Jan 2024 — A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Cappricio-Securities/CVE-2024-0195 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Sep 2023 — A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. • https://github.com/bayuncao/vul-cve • CWE-502: Deserialization of Untrusted Data