1## autogenerated on 2026-03-30 12:55:25
2name: crowdsecurity/vpatch-CVE-2024-3408
3description: 'Detects authentication bypass and remote code execution in D-Tale via forged session cookie and malicious query parameter.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /dtale/test-filter/
13      - zones:
14          - ARGS
15        variables:
16          - query
17        transform:
18          - lowercase
19          - urldecode
20        match:
21          type: contains
22          value: '__import__('
23      - zones:
24          - HEADERS
25        variables:
26          - cookie
27        transform:
28          - lowercase
29        match:
30          type: contains
31          value: session=
32
33labels:
34  type: exploit
35  service: http
36  confidence: 3
37  spoofable: 0
38  behavior: 'http:exploit'
39  label: 'D-Tale - Auth Bypass & RCE'
40  classification:
41    - cve.CVE-2024-3408
42    - attack.T1190
43    - cwe.CWE-94
44