PR
Add CVE-2024-3408 D-Tale Auth Bypass and RCE template
projectdiscovery/nuclei-templates#14498
Summary
Nuclei template for CVE-2024-3408 affecting D-Tale <= 3.10.0.
Vulnerability: Hardcoded Flask SECRET_KEY enables auth bypass + RCE via pandas eval injection.
Detection: Uses interactsh OOB callback to verify command execution.
/claim #14488
Claim
Total prize pool
$200
Total paid
$0
Status
Pending
Submitted
December 21, 2025
Last updated
December 21, 2025
Contributors
SO
Solari Systems
@SolariSystems
Sponsors
SO
Solari Systems
@SolariSystems
$100
PR
ProjectDiscovery
@projectdiscovery
$100