44 matches found
WordPress Integration for Luminate and Gravity Forms plugin <= 1.3.3 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Integration for Luminate and Gravity Forms versions = 1.3.3...
WordPress WS Theme Addons plugin <= 2.0.0 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin WS Theme Addons versions = 2.0.0...
WordPress weForms plugin <= 1.6.23 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin weForms versions = 1.6.23...
WordPress Simply Show Hooks plugin <= 1.2.1 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Simply Show Hooks versions = 1.2.1...
WordPress Product Customer List for WooCommerce plugin <= 3.1.6 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Product Customer List for WooCommerce versions = 3.1.6...
WordPress Social Warfare plugin <= 4.4.7.1 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Social Warfare versions = 4.4.7.1...
WordPress Jobs.af plugin <= 1.0.1 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Jobs.af versions = 1.0.1...
WordPress FireBox plugin <= 2.1.15 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin FireBox versions = 2.1.15...
WordPress Qualified Electronic Signatures by eID Easy plugin <= 3.3.0 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Qualified Electronic Signatures by eID Easy versions = 3.3.0...
WordPress TotalRating Pro plugin <= 1.8.4 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin TotalRating Pro versions = 1.8.4...
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...
GHSA-CVW4-C69G-7V7M Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...
CVE-2024-38537
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537
Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
Malicious CDN Embedding
pdoc is vulnerable to malicious CDN embedding. The vulnerability is caused when documentation is generated with math mode pdoc --math due to the usage of a compromised polyfill.io CDN domain. An attacker could potentially exploit this by injecting malicious code into documentation generated with...
CVE-2024-38526
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...