A high-severity security flaw has been discovered in ProjectDiscovery’s Nuclei, an open-source vulnerability scanner widely used in cybersecurity. Tracked as CVE-2024-43405, this vulnerability affects all versions of Nuclei later than 3.0.0 and carries a CVSS score of 7.4 out of 10. The issue arises from a discrepancy in how the signature verification process and the YAML parser handle newline characters, allowing attackers to bypass the signature check and inject malicious content into Nuclei templates.
Nuclei is designed to probe modern applications, cloud platforms, infrastructure, and networks for vulnerabilities using YAML-based templates. These templates are crucial for sending requests to detect specific flaws. However, the vulnerability exploits the way these templates are processed, allowing attackers to bypass the signature validation that ensures template integrity. By manipulating the template’s structure, malicious code can be executed, potentially leading to unauthorized access and system compromise.
The core issue stems from how the signature verification process uses regular expressions (regex) and the YAML parser. The conflict occurs when attackers introduce the “\r” character, which is treated as part of the same line by the regex, but as a line break by the YAML parser. This inconsistency enables attackers to inject a second “# digest:” line that is ignored during the verification step but still executed by the YAML parser. This flaw could allow the injection of malicious templates that bypass security measures.
To address the vulnerability, ProjectDiscovery released a fix in version 3.3.2 of Nuclei on September 4, 2024, with the latest version being 3.3.7. Users are advised to update their Nuclei installations immediately to mitigate the risk of exploitation. Organizations that rely on community-contributed templates should also ensure proper validation and isolation to prevent the execution of malicious code. This incident highlights the importance of maintaining software updates and vigilant security practices to avoid significant breaches and data exfiltration.
