Studius Needs an Update Because of a Malicious URL!
-
-
- NativeRadio
- Hero Rocketeer
- Posts: 313
- Thanks: 10
-
latestnews.html.twig has a blacklisted URL??
I have way too many websites built on Studius to have to manually edit a twig file for every website. Can you create an update to Studius that removes any and all references to:
The suspicious URL is: cdn.polyfill.io, and is located in:
./templates/rt_studius/particles/latestnews.html.twig
Cdn.polyfill.io is a domain that provides polyfill.js, a JavaScript library that helps older browsers support newer browser functionality:
What is polyfill.js? A popular open-source library that helps older browsers support newer browser functionality
What is cdn.polyfill.io? A domain that provides polyfill.js
In February 2024, the Chinese company Funnull bought the domain and GitHub account for cdn.polyfill.io:
Funnull modified the service to inject malicious code into websites that embedded scripts from cdn.polyfill.io
The attack impacted over 110,000 websites, including phishing and malicious advertising sites
The attack redirected users to scam sites, allowing attackers to steal sensitive data and potentially perform code execution
To fix this, website owners and developers should immediately remove references from cdn.polyfill.io and use a trusted alternative, such as Cloudflare's mirror. - "When a man has pity on all living creatures then only is he noble."
~ Buddha ~
-
-
-
- Matt
- Preeminent Rocketeer
- Posts: 22254
- Thanks: 3223
- messin' with stuff
-
It's been effectively mitigated by that domain being killed; nothing routes there anymore.
You can remove that line from latestnews.html.twig without issue... polyfill is just for backwards compatibility with very old browsers.
We do have it on the list for template updates. - SEARCH the forum first! These boards are rich in knowledge and vast in topics. This includes searching just the 'Solved' forums, using Google, and using ChatGPT
-
Time to create page: 0.045 seconds