3 matches found
SUSE SLES15 / openSUSE 15 Security Update : ghc-pandoc (SUSE-SU-2025:02037-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02037-1 advisory. - CVE-2024-38526: Fixed Polyfill Supply Chain Attack bsc1227690. Tenable has extracted the preceding description block directly from the...
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library "polyfill.js" to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security...
pdoc embeds link to malicious CDN if math mode is enabled
Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed...