CVE-2024-46507
Analyzed Analyzed - Analysis Complete
Server-Side Template Injection in Yeti Platform

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2024-46507
EUVD
EUVD-2024-55570
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yeti-platform yeti From 2.0 (inc) to 2.1.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-46507 is a Server-Side Template Injection (SSTI) vulnerability found in the Yeti Platform, a forensic intelligence tool used by DFIR teams. This vulnerability exists in versions 2.0 to 2.1.11 of the platform. It allows attackers to exploit the custom template export function by creating malicious templates that, when used to export observables like IP addresses or hashes, can execute arbitrary code on the application server.

Impact Analysis

This vulnerability can have serious impacts as it allows attackers to execute arbitrary commands on the server hosting the Yeti Platform. This could enable them to collect sensitive intelligence, modify or delete Indicators of Compromise (IoCs), and potentially take control of the server. In default configurations, combined with another vulnerability (CVE-2024-46508), attackers could achieve unauthenticated remote code execution, increasing the risk of unauthorized access and data compromise.

Detection Guidance

This vulnerability can be detected by testing the custom report template export function in Yeti Platform versions 2.0 to 2.1.11 for Server-Side Template Injection (SSTI) flaws.

One approach is to create a malicious template that includes payloads designed to execute code when exported. Observing whether arbitrary commands execute on the server indicates the presence of the vulnerability.

A proof-of-concept exploit is available in Rhino Security Labs' CVE GitHub repository, which can be used to verify if the system is vulnerable.

Specific commands are not provided in the available resources, but testing typically involves crafting templates with SSTI payloads and exporting observables such as IP addresses or hashes to trigger code execution.

Mitigation Strategies

The immediate mitigation step is to upgrade the Yeti Platform to version 2.1.12 or later, where this SSTI vulnerability has been patched.

Additionally, be aware of related vulnerabilities such as CVE-2024-46508, which involves a static insecure JWT secret in default deployments, as combined exploitation could lead to unauthenticated remote code execution.

Until the upgrade is applied, restrict access to the custom report template export functionality and monitor for suspicious activity related to template exports.

Compliance Impact

The provided information does not specify how CVE-2024-46507 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-46507. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart