- Description
- Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
A Signature Verification Bypass in Nuclei (CVE-2024-43405) https://t.co/OEsFzUW2E8 https://t.co/22Zp2pyagx
@secharvesterx
18 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. #phishing #hacking Read More: https://t.co/SETnvTRo5N htt
@pinakinit1
9 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A recent flaw in the Nuclei scanner (CVE-2024-43405) allowed attackers to bypass signature verification and inject malicious code into templates. Users should update to the latest version. 🛡️⚠️ #OpenSource #Malware #CybersecurityNews link: https://t.co/grOsJuPTKl https://t.co/6
@TweetThreatNews
7 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💥Nuclei flaw lets malicious templates bypass signature verification💥 Hi, this is Bob with an update on a critical security issue discovered by Wiz researchers in Nuclei, the open-source vulnerability scanner. A flaw (CVE-2024-43405) allowed attackers to bypass signature… http
@ElusivePrivacy
6 Jan 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution: https://t.co/9HNBNZNqez A high-severity vulnerability, tracked as CVE-2024-43405, has been found in ProjectDiscovery's Nuclei vulnerability scanner, affecting versions after 3.0.0. With a CVSS
@securityRSS
6 Jan 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-32434 2 - CVE-2024-49113 3 - CVE-2024-43405 4 - CVE-2024-10957 5 - CVE-2024-30078 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-43405) in Nuclei, an open-source security tool, has been uncovered by @wiz_io. This flaw allows attackers to bypass signature verification, enabling arbitrary code execution. 🔗Read more: https://t.co/nlhV2QYkh1 #CyberSecurity #OpenSource
@Info_Sec_Buzz
6 Jan 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
¿Sabías que una bug en la ejecucion de una herramienta puede comprometer la seguridad de un sistema? 🛡 Abro hilo 🧵 Nuclei, el escáner de vulnerabilidades open-source, tuvo un problema crítico: el CVE-2024-43405 (CVSS 7.4). Este fallo permite a atacantes evadir ⬇️ https://t.co
@Alevsk
6 Jan 2025
548 Impressions
3 Retweets
14 Likes
4 Bookmarks
1 Reply
1 Quote
🚨 Critical Security Flaw in Nuclei Vulnerability Scanner: #CVE-2024-43405 Exposes Systems to Malicious Code Execution https://t.co/EgJwyiueZ2
@UndercodeNews
5 Jan 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Nuclei Vulnerability Exposed: CVE-2024-43405 Explained 🚨 WIRE TOR - The Ethical Hacking Services Nuclei, an open-source tool by ProjectDiscovery, has become a go-to vulnerability scanner for IT professionals. It scans websites using 10,000+ YAML templates. #hack htt
@WireTor
5 Jan 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Nuclei sérülékenység: Aláírásellenőrzés megkerülése rosszindulatú sablonokkal A CVE-2024-43405 sérülékenység ismét rávilágít arra, hogy a nyílt forráskódú eszközöknél is kulcsfontosságú a rendszeres frissítés és a biztonsági környezetek használata. A Nuclei fejlesztőcsapata gy…
@linuxmint_hun
5 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Nuclei Vulnerability Found! CVE-2024-43405 allows signature bypass and code execution in Nuclei (v3.0.0+). 🛡 Update to v3.3.7 ASAP to protect against malicious YAML templates exploiting regex and parsing mismatches. #CyberSecurity #Vulnerability
@firexcore
5 Jan 2025
41 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-43405 2 - CVE-2023-45866 3 - CVE-2024-49112 4 - CVE-2024-49113 5 - CVE-2024-4367 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 Jan 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Nuclei Vulnerability (CVE-2024-43405) Exposes Systems to Signature Bypass & Code Execution! https://t.co/cgwMrLwyg0 https://t.co/qbMMC6fN33
@easy4hub
5 Jan 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nucleiに高深刻度の脆弱性(CVE-2024-43405)が発見され、署名検証を回避してコード実行が可能となる。バージョン3.3.2で修正済み。 https://t.co/UQlS8H2B4d
@01ra66it
5 Jan 2025
192 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛠️Added new vulnerability blog to #CyberSecFolio covering CVE-2024-43405. #infosec #cyber #security https://t.co/IE7I4dpNTv
@gothburz
5 Jan 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6. 🚨 A critical vulnerability in Nuclei's template signature verification system (CVE-2024-43405) has been identified by the Wiz engineering team, potentially allowing attackers to execute arbitrary code by bypassing signature checks 🧵👇: https://t.co/X4iPmlscQD
@gothburz
5 Jan 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A newly discovered flaw in the Nuclei scanner (CVE-2024-43405) allows attackers to bypass signature verification and execute malicious code. This arises from regex and YAML parsing issues. 🛡️🔍 #Nuclei #CyberFlaw #Vulnerability #CybersecurityNews link: https://t.co/QGUd4RJGsf h
@TweetThreatNews
4 Jan 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A severe flaw in Nuclei (CVE-2024-43405) could let attackers bypass signature checks and inject malicious code. This impacts all versions after 3.0.0— scoring a 7.4 CVSS. https://t.co/Ka2C26xKQv
@Kanieloutris
4 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical flaw in Nuclei (CVE-2024-43405, CVSS 7.4) allows attackers to bypass signature checks using newline mismatches in YAML parsing. Exploitable in versions >3.0.0. Update immediately! #Cybersecurity
@Haa384039
4 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-43405 Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution https://t.co/P5KJS07HRt
@wy88215534
4 Jan 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A severe flaw in Nuclei (CVE-2024-43405) could let attackers bypass signature checks and inject malicious code. This impacts all versions after 3.0.0—scoring a 7.4 CVSS. #سوريا_الان #سوريا #WhenThePhoneRings #EndAbductionsKE https://t.co/sCrlf7b88S
@podcastBhai333
4 Jan 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-43405) in ProjectDiscovery's Nuclei allows attackers to bypass signature checks and execute malicious code. This impacts all versions post 3.0.0! ⚠️ #InfoSec #Nuclei #OpenSource #CybersecurityNews link: https://t.co/d9vAZt4M6b https://t.co/j2GN
@TweetThreatNews
4 Jan 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Security Flaw in Nuclei Vulnerability Scanner Exposed: #CVE-2024-43405 https://t.co/je26IICCtQ
@UndercodeNews
4 Jan 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OSS脆弱性スキャナのNucleiに署名検証回避の脆弱性。CVE-2024-43405は署名検証プロセスとYAMLパーサの間での改行文字の取り扱いにおける際に起因。Code Protocolを使用して外部コードを実行できる仕様と組み合わさり任意コード実行のおそれ。 https://t.co/Q3V4LxZZco
@__kokumoto
4 Jan 2025
809 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Woopsiee Daisy! CVE-2024-43405 A severe flaw in Nuclei (CVE-2024-43405) could let attackers bypass signature checks and inject malicious code. This impacts all versions after 3.0.0 -scoring a 7.4 CVSS.
@byt3n33dl3
4 Jan 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A severe flaw in Nuclei (CVE-2024-43405) could let attackers bypass signature checks and inject malicious code. This impacts all versions after 3.0.0—scoring a 7.4 CVSS. Read the analysis and secure your systems 👉https://t.co/ywhwpqFKW6
@TheHackersNews
4 Jan 2025
14172 Impressions
25 Retweets
60 Likes
10 Bookmarks
1 Reply
2 Quotes
Threat Alert: Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the CVE-2024-43405 CVE-2024-37032 Severity: 🟡 Medium Maturity: 💢 Emerging Learn more: https://t.co/AS7I7AgI8k #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
4 Jan 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A Signature Verification Bypass in Nuclei (CVE-2024-43405) | Wiz Blog - https://t.co/T4uTCgrgva
@piedpiper1616
4 Jan 2025
609 Impressions
4 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
🚨CVE ALERT! While working with Nuclei @wiz_io, I discovered CVE-2024-43405, a vulnerability that bypasses template signature verification, potentially allowing malicious code execution on machines running Nuclei 🛡️ Here’s what you need to know: 🧵 https://t.co/fCd4h5b8Oo
@GuyGoldenberg
3 Jan 2025
29550 Impressions
49 Retweets
242 Likes
107 Bookmarks
8 Replies
2 Quotes
🚨 Wiz uncovered CVE-2024-43405, a bypass in #Nuclei enabling code execution. Fixed with @pdiscoveryio. Update to v3.3.2+, Run tools in isolated environments! https://t.co/BtzpXbgkHr
@wiz_io
3 Jan 2025
4373 Impressions
14 Retweets
52 Likes
17 Bookmarks
5 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectdiscovery:nuclei:*:*:*:*:*:go:*:*",
"vulnerable": true,
"matchCriteriaId": "82094046-7D35-4A48-8D10-AA7C249AE8B2",
"versionEndExcluding": "3.3.2",
"versionStartIncluding": "3.0.0"
}
],
"operator": "OR"
}
]
}
]