Security: Polyfill Supply Chain Attack #16090

Closed
and-who opened this issue Jun 27, 2024 · 5 comments

and-who commented Jun 27, 2024

Summary
Currently there is an active Security Issue:
https://sansec.io/research/polyfill-supply-chain-attack

Which warns about the usage of 'cdn.polyfill.io'.

This Project has third-party-web listed as a Dependency, which uses this URL (could be just Test URLs, but better be sure).

@starsinmypockets

+1

@connorjclark
Collaborator

There's no issue here.

nolanlf commented Jun 27, 2024

Thanks for noting there is not an issue. Would it be possible to get context on why it is not an issue when the treemap/app/debug.json file references polyfill.io? (Is it just an old debug log, vs config... and are there risks polyfill.io could be called during debugging?). Thank you!

@connorjclark
Collaborator

That's a test file, and the URL is just displayed, never fetched.

nolanlf commented Jun 27, 2024

Thank you. Perfect!
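
The distinction drawn in the thread, between a flagged URL that is only stored or displayed and one a page actually loads, can be checked as a first triage pass over a source tree. The following is an added example, not part of the issue thread or the Lighthouse code base; the function names (`hostPattern`, `triage`) and the sample files are constructed for illustration.

```javascript
// Added example. File names and contents below are constructed samples.
const FLAGGED_HOST = 'polyfill.io';

// Match the host or any subdomain (cdn.polyfill.io) in the authority part of a URL.
// Lookalikes such as notpolyfill.io or polyfill.io.example do not match.
function hostPattern(host) {
  const escaped = host.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp(`(?:https?:)?//(?:[a-z0-9-]+\\.)*${escaped}(?=[/:?#"'\\s>]|$)`, 'gi');
}

// Classify every reference to the flagged host:
//   'script-src'  - the URL is the src of a static <script> tag, so a browser requests it
//   'string-only' - the URL appears only as text or data; still confirm nothing loads it
// Heuristic: dynamically injected scripts are not detected and need manual review.
function triage(files, host = FLAGGED_HOST) {
  const findings = [];
  for (const {path, text} of files) {
    // Collect the URLs that static <script> tags in this file would request.
    const scriptSrcs = new Set();
    for (const m of text.matchAll(/<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi)) {
      scriptSrcs.add(m[1]);
    }
    for (const m of text.matchAll(hostPattern(host))) {
      // Extend the host match to the full URL so it can be compared with script srcs.
      const url = text.slice(m.index).match(/^[^"'\s<>]+/)[0];
      findings.push({path, url, kind: scriptSrcs.has(url) ? 'script-src' : 'string-only'});
    }
  }
  return findings;
}

// Constructed inputs: a data file, a page that loads the script, and lookalike hosts.
const SAMPLE_FILES = [
  {path: 'sample/report-data.json',
   text: '{"requestedUrl": "https://cdn.polyfill.io/example.js"}'},
  {path: 'sample/index.html',
   text: '<script src="https://cdn.polyfill.io/example.js"></script>'},
  {path: 'sample/notes.md',
   text: 'Unrelated: https://notpolyfill.io/a and https://polyfill.io.example/b'},
];

for (const f of triage(SAMPLE_FILES)) {
  console.log(`${f.kind}\t${f.path}\t${f.url}`);
}
```

A `string-only` result matches the situation the collaborator describes (a URL held as data); a `script-src` result is the case that needs the reference removed or replaced.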
