CloudFlare CDNJS Bugs Can Lead to Widespread Supply-chain Attacks


19th July 2021, Kathmandu

A critical bug was discovered in Cloudflare's CDNJS that could have led to supply-chain attacks. 12.7% of all websites on the internet use the CDNJS library. Cloudflare fixed the critical vulnerability in its CDNJS library last month.

The issue could have allowed a threat actor to execute arbitrary commands on the CDNJS library update server, which could have resulted in a complete compromise.

RyotaK discovered the vulnerability and reported it to the company on April 6, 2021. The company stated that there is no evidence of exploitation of this issue in the wild.

The bug works by publishing packages to Cloudflare's CDNJS through GitHub and npm, using them to trigger a path traversal, and finally tricking the server into executing arbitrary code to achieve remote code execution (RCE).

The security researcher discovered that arbitrary code could be executed once a threat actor performs a path traversal from the .tgz file published to npm and then overwrites a script that is executed regularly on the server.

