{"id":8683,"date":"2021-07-19T11:31:00","date_gmt":"2021-07-19T15:31:00","guid":{"rendered":"https:\/\/www.technewsday.com\/?p=8683"},"modified":"2021-07-23T13:40:25","modified_gmt":"2021-07-23T17:40:25","slug":"cloudflare-cdn-defect-allowed-compromise-of-12-of-all-sites","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cloudflare-cdn-defect-allowed-compromise-of-12-of-all-sites\/","title":{"rendered":"Cloudflare CDN Defect Allowed Compromise Of 12% Of All Sites"},"content":{"rendered":"\n<p>The website security company Cloudflare recently fixed a critical vulnerability in its free and open-source CDNJS, which is expected to affect 12.7% of all websites on the internet.<\/p>\n\n\n\n<p>Security researcher RyotaK discovered the vulnerability by finding a way to fully compromise Cloudflare&#8217;s CDNJS by tricking servers into executing arbitrary code.<\/p>\n\n\n\n<p>The vulnerability, if exploited, could lead to a total compromise of the CDNJS infrastructure.<\/p>\n\n\n\n<p>After Cloudflare reported the vulnerability, the Cloudflare team took drastic action and worked on several fixes to address the issue.<\/p>\n\n\n\n<p>Although the original solution attempted to fix the symlink vulnerability, the complexity of the CDNJS ecosystem caused further fixes to be made over the following weeks.<\/p>\n\n\n\n<p>CDNJS serves millions of websites with approximately 4,000 publicly available JavaScript and CSS libraries stored publicly on GitHub.<\/p>\n\n\n<p>For more information, read the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-cloudflare-cdn-flaw-allowed-compromise-of-12-percent-of-all-sites\/\" target=\"_blank\" rel=\"noopener\">original story<\/a> in Bleeping Computer.<\/p>","protected":false},"excerpt":{"rendered":"<p>Cloudflare recently fixed a critical vulnerability in its free and open-source CDNJS, which is expected to affect 12.7% of all websites on the 
internet.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[66,16],"tags":[],"class_list":["post-8683","post","type-post","status-publish","format-standard","hentry","category-open-source","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/8683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=8683"}],"version-history":[{"count":4,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/8683\/revisions"}],"predecessor-version":[{"id":8727,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/8683\/revisions\/8727"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=8683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=8683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=8683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}