Description

Acunetix identified the usage of Pollyfill library on the web site. Polyfill, a widely used JavaScript library, was compromised following its acquisition by Funnull, a China-based CDN company. Malicious code was injected into the library, redirecting users to harmful websites.

Remediation

Remove polyfill.io from the website and replace it with secure alternatives provided by Cloudflare and Fastly.

References

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N