08/68 Tuesday, January 7, 2025
A high-severity vulnerability has been discovered in Nuclei, an open-source vulnerability scanning tool, identified as CVE-2024-43405 with a CVSS score of 7.4. This vulnerability allows attackers to bypass signature verification and inject malicious code into templates. According to Wiz’s security team, the issue arises from differences in newline character handling between signature verification and the YAML parser’s data processing. This discrepancy enables attackers to insert malicious content while maintaining a valid signature in the normal sections.
Nuclei supports various protocols such as HTTP, TCP, DNS, and Code, with the ability to execute code on operating systems. If insecure templates are used, systems may be vulnerable to attacks. Wiz’s report indicates that the “Code” protocol can be leveraged to extract sensitive information from the target system if crafted into a malicious script.
The vulnerability affects Nuclei versions 3.0.0 and above and has been patched in version v3.3.2. Users are advised to review templates carefully before use to prevent code injection. Additionally, caution should be exercised when allowing users to edit or upload templates in shared systems to mitigate the risk of unauthorized command execution, data theft, or system takeover.
Source https://securityaffairs.com/172692/security/nuclei-flaw-execute-malicious-code.html
