Popular open source vulnerability scanner Nuclei forced to patch worrying security flaw

Posted by:
Olivia Smith
Tue, 07 Jan

A recent discovery revealed that the popular open source vulnerability scanner, Nuclei, was itself vulnerable to exploitation by cybercriminals. Security researchers from Wiz identified a bug in the scanner in August 2024, which allowed malicious code to bypass security checks, posing a potential threat to users. The bug, tracked as CVE-2024-43405, carried a high severity score of 7.8.

A fix was promptly released in September 2024, and users were urged to update to version 3.3.2 to mitigate the risk of exploitation. Those unable to update immediately were advised to refrain from using custom templates and to use only trusted ones. To further reduce exposure, experts recommended running Nuclei in a virtual machine or other isolated environment.
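As an added illustration of the update advice above (this is example code written for this article, not part of Nuclei or the Wiz research), the following Python helper parses the version string printed by `nuclei -version`, compares it numerically against the fixed release 3.3.2 named in the article, and returns the recommended action. The sample output lines are constructed for the example; the exact format Nuclei prints may differ, so the parser only looks for an `x.y.z` version number. Comparing as integer tuples rather than strings matters because a future "3.10.0" would otherwise sort before "3.3.2".

```python
import re

# Release that carries the fix for CVE-2024-43405, per the article.
FIXED_VERSION = (3, 3, 2)

# Matches the first x.y.z number, with or without a leading "v".
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z version in `text` as an int tuple, or None."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the installed version predates the fixed release."""
    return version < FIXED_VERSION


def assess(version_output):
    """Turn one line of `nuclei -version` output into a version and an action."""
    version = parse_version(version_output)
    if version is None:
        return {"version": None, "affected": None,
                "action": "version not found in output; check manually"}
    if is_affected(version):
        return {"version": version, "affected": True,
                "action": "update to v3.3.2 or later; until then use only "
                          "trusted templates and run Nuclei in an isolated VM"}
    return {"version": version, "affected": False,
            "action": "fixed release or later; no action needed for CVE-2024-43405"}


# Constructed sample lines standing in for real `nuclei -version` output.
SAMPLE_OUTPUTS = [
    "[INF] Nuclei Engine Version: v3.3.1",   # pre-fix: affected
    "[INF] Nuclei Engine Version: v3.3.2",   # fixed release
    "[INF] Nuclei Engine Version: v3.10.0",  # later release; string compare would get this wrong
    "[INF] Nuclei Engine Version: unknown",  # no version present
]

if __name__ == "__main__":
    for line in SAMPLE_OUTPUTS:
        result = assess(line)
        print(f"{line!r} -> affected={result['affected']} ({result['action']})")
```

On a real host, feed `assess()` the output of `nuclei -version` captured via `subprocess.run` instead of the constructed lines.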

The incident sheds light on the vulnerabilities that may exist even in widely used open source software tools like Nuclei, emphasizing the importance of timely updates and diligent security practices. With its substantial user base of 21,000 stars on GitHub and over 50 million monthly scans, Nuclei’s exposure to exploitation underscores the need for heightened vigilance in the cybersecurity community to prevent potential threats.
