PT-2024-22137 · Nuclei · Nuclei

Gpc1996 · Published 2024-03-15 · Updated 2025-12-05 · CVE-2024-27920

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: Nuclei versions prior to 3.2.0

Description: Nuclei versions prior to 3.2.0 could execute unsigned code templates through workflows. The issue affects users running custom workflows and can allow malicious code to be executed on the user's system. It stems from an oversight in the workflow execution mechanism: code templates referenced from a workflow were executed even when unsigned, bypassing the signature check intended to verify the integrity and origin of templates.

Recommendations: For versions prior to 3.2.0, the primary recommendation is to upgrade to Nuclei v3.2.0, where the vulnerability has been patched. Users who cannot upgrade immediately should refrain from using custom workflows as an interim measure and execute only trusted, verified workflows. Avoid custom workflows from untrusted sources, including workflows authored by third parties or obtained from unverified repositories. Developers integrating Nuclei into their platforms should not allow end users to run custom workflows from untrusted sources.

Weakness Enumeration: OS Command Injection

Related Identifiers

CVE-2024-27920
GHSA-W5WX-6G2R-R78Q
GO-2024-2645

Affected Products

Nuclei