Unsigned code template execution through workflows in projectdiscovery/nuclei

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Nuclei 安全漏洞

Nuclei是ProjectDiscovery开源的一个基于简单 YAML 的 DSL 的快速可定制漏洞扫描器。 Nuclei 3.0.0至3.3.0之前版本存在安全漏洞，该漏洞源于无需-code选项和签名即可执行代码模板，从而导致攻击者可执行任意命令。

N/A

N/A