2021-07-19 05:49:48
Cloudflare has just patched a critical vulnerability in the free and open source software CDNJS. This vulnerability has the potential to affect 12.7% of websites currently on the internet.
CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries publicly hosted on GitHub. This is the 2nd largest JavaScript CDN in the world.
The newly patched vulnerability is exploited by publishing packages to Cloudflare's CDNJS using GitHub and npm. From there, an attacker can trigger a Path Traversal vulnerability and even execute arbitrary code remotely.
If exploited, this vulnerability could allow hackers to penetrate the entire CDNJS infrastructure.
Content Delivery Networks (CDNs) play an important role in maintaining the security, integrity, and availability of the internet. This is because the majority of websites rely on these services to load popular JavaScript libraries and CSS scripts.
CDNs are often targeted by hackers because, if successful, they can have serious, far-reaching consequences for many websites, online stores, and their customers.
This new vulnerability was discovered by developer RyotaK. He reported the issue to Cloudflare and coordinated a resolution. According to RyotaK, this vulnerability can be exploited even by novice hackers, yet it can affect many websites.
Cloudflare took immediate action and released a series of fixes to address the CDNJS vulnerability. Cloudflare confirmed that this vulnerability has not been exploited by hackers.