Cloudflare CDN Defect Allowed Compromise Of 12% Of All Sites


The website security company Cloudflare recently fixed a critical vulnerability in its free and open-source CDNJS service. The flaw is expected to affect 12.7% of all websites on the internet.

Security researcher RyotaK discovered the vulnerability, finding a way to fully compromise Cloudflare’s CDNJS by tricking its servers into executing arbitrary code.

The vulnerability, if exploited, could lead to a total compromise of the CDNJS infrastructure.

After the vulnerability was reported to Cloudflare, the Cloudflare team took drastic action and worked on several fixes to address the issue.

Although the original fix attempted to address the symlink vulnerability, the complexity of the CDNJS ecosystem meant that further fixes had to be made over the following weeks.

CDNJS serves millions of websites with approximately 4,000 publicly available JavaScript and CSS libraries stored on GitHub.

For more information, read the original story in Bleeping Computer.
