Details | |
---|---|
Alert ID | 10115-2 |
Alert Type | Passive |
Status | release |
Risk | High |
CWE | 829 |
WASC | 15 |
Technologies Targeted | All |
Tags | CWE-829 OWASP_2017_A09 OWASP_2021_A06 |
More Info | Scan Rule Help |
Summary
The page includes one or more scripts which appear to include a reference to one of the ‘polyfill’ domains. These domains are not associated with the polyfill.js library and are known to serve malicious content. You should check whether each one is a safe reference (for example, in a comment) or whether the script is loading content from that domain.
Solution
Change all scripts to use a known good source based on their documentation.
Other Info
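The triage the Summary asks for can be scripted. The following is an added example, not the scan rule's own code: it separates script `src` attributes that load from a listed domain from mentions inside script content, and marks whole-line comments as probably inert. The `polyfill.example` entry is a placeholder assumption, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Placeholder (assumption): replace with the domains named in the scan rule help.
SUSPECT_DOMAINS = ("polyfill.example",)

def host_matches(host):
    """True if host is a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)

class ScriptRefFinder(HTMLParser):
    """Collects (kind, detail) findings; kind is 'src', 'comment' or 'code'."""
    def __init__(self):
        super().__init__()
        self.findings, self._buf, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._buf = True, []
            src = (dict(attrs).get("src") or "").strip()
            if host_matches(urlsplit(src).hostname):
                self.findings.append(("src", src))  # the browser fetches this

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            for line in "".join(self._buf).splitlines():
                text = line.strip()
                if any(d in text.lower() for d in SUSPECT_DOMAINS):
                    # Heuristic: whole-line JS comments are likely inert;
                    # anything else needs a manual look.
                    inert = text.startswith(("//", "/*", "*"))
                    self.findings.append(("comment" if inert else "code", text))

def scan(html):
    finder = ScriptRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<head><script src="https://cdn.polyfill.example/v3/polyfill.min.js"></script>
<script src="/static/app.js"></script>
<script>
// migrated away from polyfill.example in 2024
s.src = "//cdn.polyfill.example/v3/polyfill.min.js";
</script></head>"""
```

Findings of kind `src` or `code` are the ones to fix under the Solution above; a `comment` finding still deserves a quick look, because the comment check is only a line-prefix heuristic.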
References
- https://sansec.io/research/polyfill-supply-chain-attack
- https://x.com/triblondon/status/1761852117579427975