Ncell

CloudFlare CDNJS Bugs Can Lead to Widespread Supply-chain Attacks

Cloudflare CDNJS
Share It On:

19th July 2021, Kathmandu

Critical bug discovered in Cloudflare CDNJS which could have led to supply-chain attacks. 12.7% of all the websites on the internet use the CDNJS library. Cloudflare has fixed a critical vulnerability in its CDNJs library last month.

The issue could have allowed a threat actor to execute arbitrary commands in the CDNJS library update server which could have resulted in a complete compromise.

RyotaK had discovered the vulnerability and reported it to the company on April 6, 2021. The company stated that no evidence of wild exploitation of this issue.

This bug functions by publishing packages to Cloudflare’s CDNJS using GitHub as well as npm mobilizing it to trigger path transversal attack as well as finally tricking the server into executing arbitrary code finally to achieve RCE

The security researcher had discovered that arbitrary code could be executed after the threat actor performs path traversal from the .tgz file that is published to npm and then overwriting the script which is executed regularly on the server.


Share It On:
Worldlink
NMB Bank

Recent Posts

See More
Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a

TVS Naya Yug Ko Aarambha 2024: Lucky Winners Announced

TVS Naya Yug Ko Aarambha 2024: Lucky Winners Announced

India’s EV Landscape Expands: Maruti and Mahindra’s Upcoming Launches

India’s EV Landscape Expands: Maruti and Mahindra’s Upcoming Launches

CG Motors Dashain Tihar Offer 2024: Chance to Win Big With Hero Motorcycles

CG Motors Dashain Tihar Offer 2024: Chance to Win Big

KTM Nepal’s Track Test Experience 2024: Uniting Enthusiasts For Thrills and Safety

KTM Nepal’s Track Test Experience 2024: Uniting Enthusiasts For Thrills

Great Himalayan Odyssey 2024: Bajaj Dominar’s First Motorcycle Journey to Ladakh

Great Himalayan Odyssey 2024: Bajaj Dominar’s First Motorcycle Journey to

Ncell Centre Inaugurated Damauli: World-Class Customer Services Now at Maharshi

Ncell Centre Inaugurated Damauli: World-Class Customer Services Now at Maharshi Chowk

Smart Brings Amazing Recharge Offers

Smart Brings Amazing Recharge Offers

Ncell Launches New Prepaid Plans in Nepal

Ncell Launches New Prepaid Plans in Nepal