Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Polyfill.io Supply Chain Attack - Vulnerability Database

Polyfill.io Supply Chain Attack

Description

Invicti identified the usage of Pollyfill library on the web site. Polyfill, a widely used JavaScript library, was compromised following its acquisition by Funnull, a China-based CDN company. Malicious code was injected into the library, redirecting users to harmful websites.

Remediation

Remove polyfill.io from the website and replace it with secure alternatives provided by Cloudflare and Fastly.

References

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N