Nuclei
Monthly
DSL expression injection in ProjectDiscovery Nuclei before 3.8.0 allows remote code execution when using the -env-vars flag with multi-step templates against untrusted targets. An attacker can inject malicious expressions into environment variables that are evaluated as Nuclei DSL code, achieving arbitrary code execution with the privileges of the Nuclei process. This vulnerability requires non-default configuration (explicit -env-vars usage) and high attack complexity, limiting real-world impact despite the RCE tag.
Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DSL expression injection in ProjectDiscovery Nuclei before 3.8.0 allows remote code execution when using the -env-vars flag with multi-step templates against untrusted targets. An attacker can inject malicious expressions into environment variables that are evaluated as Nuclei DSL code, achieving arbitrary code execution with the privileges of the Nuclei process. This vulnerability requires non-default configuration (explicit -env-vars usage) and high attack complexity, limiting real-world impact despite the RCE tag.
Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.