{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T20:56:45.242","vulnerabilities":[{"cve":{"id":"CVE-2024-27920","sourceIdentifier":"security-advisories@github.com","published":"2024-03-15T20:15:09.360","lastModified":"2025-12-05T17:24:36.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This advisory outlines the impacted users, provides details on the security patch, and suggests mitigation strategies. The vulnerability is addressed in Nuclei v3.2.0. Users are strongly recommended to update to this version to mitigate the security risk. Users should refrain from using custom workflows if unable to upgrade immediately. Only trusted, verified workflows should be executed."},{"lang":"es","value":"projectdiscovery/nuclei es un escáner de vulnerabilidades rápido y personalizable basado en DSL simple basado en YAML. Se identificó un importante descuido de seguridad en Nuclei v3, que implica la ejecución de plantillas de código sin firmar a través de flujos de trabajo. Esta vulnerabilidad afecta específicamente a los usuarios que utilizan flujos de trabajo personalizados, lo que potencialmente permite la ejecución de código malicioso en el sistema del usuario. Este aviso describe a los usuarios afectados, proporciona detalles sobre el parche de seguridad y sugiere estrategias de mitigación. La vulnerabilidad se aborda en Nuclei v3.2.0. Se recomienda encarecidamente a los usuarios que actualicen a esta versión para mitigar el riesgo de seguridad. Los usuarios deben abstenerse de utilizar flujos de trabajo personalizados si no pueden actualizar inmediatamente. Sólo se deben ejecutar flujos de trabajo confiables y verificados."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:projectdiscovery:nuclei:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.2.0","matchCriteriaId":"B74D430C-1727-43DD-B55A-39AE5F32B72E"}]}]}],"references":[{"url":"https://docs.projectdiscovery.io/templates/protocols/code","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://docs.projectdiscovery.io/templates/reference/template-signing","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://docs.projectdiscovery.io/templates/workflows/overview","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/projectdiscovery/nuclei/pull/4822","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-w5wx-6g2r-r78q","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://docs.projectdiscovery.io/templates/protocols/code","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"https://docs.projectdiscovery.io/templates/reference/template-signing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"https://docs.projectdiscovery.io/templates/workflows/overview","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"https://github.com/projectdiscovery/nuclei/pull/4822","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-w5wx-6g2r-r78q","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}