CVE-2024-43405: Nuclei Template Signature Verification Bypass

September 4, 2024 (updated October 14, 2024)

A vulnerability has been identified in Nuclei’s template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template.

References

github.com/advisories/GHSA-7h5p-mmpp-hgmm
github.com/projectdiscovery/nuclei
github.com/projectdiscovery/nuclei/commit/0da993afe6d41b4b1b814e8fad23a2acba13c60a
github.com/projectdiscovery/nuclei/security/advisories/GHSA-7h5p-mmpp-hgmm
nvd.nist.gov/vuln/detail/CVE-2024-43405
pkg.go.dev/vuln/GO-2024-3114

Detect and mitigate CVE-2024-43405 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →