106 matches found
WordPress plugin Fastly cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CVE-2024-34768
Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through 1.2.25...
CVE-2015-10094
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...
MAL-2025-3098 Malicious code in fastly-ip-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fastly-ip-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mozilla: Subdomain takeover on a subdomain under firefox.com
The subdomain ████ was vulnerable to a subdomain takeover due to its CNAME record pointing to a Fastly-hosted service that was not registered with Fastly. This allowed the researcher to claim and take control of the subdomain...
Mozilla: [ addons-preview-cdn.mozilla.net ] A subdomain takeover is available via unregistered domain in Fastly
The domain addons-preview-cdn.mozilla.net was found to CNAME resolve to addons.allizom.org, which was hosted on Fastly's service. The domain addons-preview-cdn.mozilla.net was not registered within Fastly, resulting in a "Fastly error: unknown domain" message. The vulnerability was demonstrated b...
Use After Free
@fastly/js-compute is vulnerable to Use After Free. The vulnerability is due to re-use of previously freed memory in the FetchEvent.client and certain CacheEntry.prototype and Device.lookup functions. This issue could allow for an unintended data leak and often results in a Compute service crash...
CVE-2024-38375
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...
@adobe/helix-deploy (>=11.0.11 <=11.1.13) potentially affected by CVE-2024-38375 via @fastly/js-compute (>=3.11.0 <=3.15.0)
@fastly/js-compute NPM version =3.11.0, =11.0.11, =11.1.13 Source cves: CVE-2024-38375 Source advisory: OSV:GHSA-MP3G-VPM9-9VQV...
CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...
CVE-2024-38375
The CVE-2024-38375 entry concerns @fastly/js-compute, a JavaScript SDK/runtime for Fastly Compute. It describes a use-after-free bug in several functions (e.g., FetchEvent.client.*, CacheEntry.prototype.userMetadata, Device.lookup) that could leak data and crash a Compute service, often returning...
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library "polyfill.js" to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security...
Fastly js-compute-runtime security vulnerability
Fastly js-compute-runtime is a Fastly open source runtime environment. A security vulnerability exists in Fastly js-compute-runtime, which stems from the implementation of multiple functions containing use-after-free vulnerabilities...
CVE-2024-34768
CVE-2024-34768 corresponds to a Missing Authorization vulnerability in the WordPress Fastly plugin (affected: 1.2.25 and earlier). Reports from multiple sources indicate a Broken Access Control via Missing Authorization in Fastly’s AJAX actions, enabling unauthorized access or actions on affected...
CVE-2024-34768 WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through 1.2.25...