CloudFlare CDNJS Bugs Can Lead to Widespread Supply-chain Attacks


19th July 2021, Kathmandu

A critical bug was discovered in Cloudflare's CDNJS that could have led to supply-chain attacks. 12.7% of all the websites on the internet use the CDNJS library. Cloudflare fixed the critical vulnerability in CDNJS last month.

The issue could have allowed a threat actor to execute arbitrary commands on the CDNJS library update server, which could have resulted in a complete compromise.

RyotaK discovered the vulnerability and reported it to the company on April 6, 2021. The company stated that there is no evidence of exploitation of this issue in the wild.

The bug works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using them to trigger a path traversal attack, and finally tricking the server into executing arbitrary code to achieve RCE.

The security researcher discovered that arbitrary code could be executed after a threat actor performs path traversal from the .tgz file published to npm and then overwrites a script that is executed regularly on the server.
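The defensive counterpart to the path traversal described above is to resolve every archive entry against the extraction directory before writing it. The following is an added example, not code from CDNJS or from the researcher's report; the archive contents and file names are constructed for illustration.

```python
import io
import os
import tarfile
import tempfile

def build_sample_tgz():
    """Constructed sample: one normal file and one entry that climbs out with '../'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in [("package/index.js", b"console.log(1)\n"),
                           ("package/../../cron/update.sh", b"#!/bin/sh\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def safe_extract(tgz_bytes, dest):
    """Write regular files only, refusing entries that resolve outside dest.
    Returns (extracted, rejected) lists of member names."""
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isdir():
                continue  # directories are created on demand below
            target = os.path.realpath(os.path.join(dest_real, member.name))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            # Links and device nodes are refused: a symlink can redirect a later write.
            if not inside or not member.isfile():
                rejected.append(member.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(tar.extractfile(member).read())
            extracted.append(member.name)
    return extracted, rejected

def demo():
    """Extract the sample and report whether anything landed outside dest."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "unpack")
        os.makedirs(dest)
        extracted, rejected = safe_extract(build_sample_tgz(), dest)
        escaped = os.path.exists(os.path.join(root, "cron", "update.sh"))
        return extracted, rejected, escaped

if __name__ == "__main__":
    print(demo())
```
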

