cvedb.io
CVE-2024-43405
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2024-09-04T16:15:06.853 · Last modified 2026-06-17T07:50:59.010

Summary

Nuclei is a vulnerability scanner powered by YAML-based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via a custom code template. The flaw is in the template signature verification process, specifically in the `signer` package. It stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom

Affected products

projectdiscovery — nuclei

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.