"Remote code execution in cdnjs of Cloudflare"
Tl;Dr: Path traversal on tgz archives mirrored by CDNjs.
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/ @[email protected] #bugbouty #pentest #rce #vulnerability #cloudflare #cdnjs
Preface
(A Japanese version is also available.) Cloudflare, which runs cdnjs, is running a "Vulnerability Disclosure Program" on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published with the permission of the Cloudflare security team. So this article is not intended to recommend you to perform an unauthorized vulnerability assessment. If you found any vulnerabilities in Cloudflare's product, please report it to Cloudflare's vulnerability disclosure program.
TL;DR
There was a vulnerability in the cdnjs library update server that could execute arbitrary