AIKIDO-2024-10165

putyourlightson/craft-blitz is vulnerable to Malicious Code

90

Critical

putyourlightson/craft-blitz

AIKIDO-2024-10165: putyourlightson/craft-blitz is vulnerable to Malicious Code in versions 3.11.1 - 3.14.0 and 4.0.0 - 4.11.2.

Malicious Code
Vuln in 3.11.1 - 3.14.0
Fixed in 3.15.0
Vuln in 4.0.0 - 4.11.2
Fixed in 4.12.0
No CVE available
TL;DR

putyourlightson/craft-blitz loads a script from polyfill[.]io for Internet Explorer support; that service was taken over and now serves malicious code to sites that still reference it.

Who does this affect?

You are affected if you use a version that falls within the vulnerable ranges listed above.

How can it be fixed?

Upgrade the putyourlightson/craft-blitz library to a patched version (3.15.0 or later on the 3.x line, 4.12.0 or later on the 4.x line).
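One way to check whether an installed copy falls inside the advisory's ranges, as an added example that is not part of this advisory or of the craft-blitz project: the script below parses a Composer lock file (the standard `composer.lock` layout with `packages` and `packages-dev` arrays, each entry carrying `name` and `version`), compares the installed version of putyourlightson/craft-blitz against the two vulnerable ranges, and reports the version to upgrade to. The lock file content is constructed for the demonstration.

```python
"""Report whether composer.lock pins putyourlightson/craft-blitz to a version
inside the ranges given in AIKIDO-2024-10165 (3.11.1-3.14.0, 4.0.0-4.11.2)."""
import json

PACKAGE = "putyourlightson/craft-blitz"

# (lowest vulnerable, highest vulnerable, first fixed) per the advisory text.
VULNERABLE_RANGES = [
    ("3.11.1", "3.14.0", "3.15.0"),
    ("4.0.0", "4.11.2", "4.12.0"),
]


def parse_version(version):
    """Turn 'v4.11.2', '4.11.2-beta.1' or '4.11' into a comparable (major, minor, patch) tuple.
    Pre-release and build metadata are dropped; missing components default to 0."""
    core = version.lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")[:3]
    nums = [int(p) if p.isdigit() else 0 for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def fixed_version_for(version):
    """Return the first fixed version if `version` is vulnerable, else None."""
    installed = parse_version(version)
    for low, high, fixed in VULNERABLE_RANGES:
        if parse_version(low) <= installed <= parse_version(high):
            return fixed
    return None


def check_lock(lock_text):
    """Scan the JSON text of a composer.lock file.
    Returns a list of (installed_version, fixed_version) findings for craft-blitz."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") != PACKAGE:
                continue
            fixed = fixed_version_for(pkg.get("version", "0.0.0"))
            if fixed is not None:
                findings.append((pkg["version"], fixed))
    return findings


# Constructed sample lock file: one unrelated package and a vulnerable craft-blitz pin.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "4.5.0"},
        {"name": PACKAGE, "version": "4.11.2"},
    ],
    "packages-dev": [],
})


if __name__ == "__main__":
    for installed, fixed in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {installed} is in a vulnerable range; upgrade to {fixed}")
    if not check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} not pinned to a vulnerable version")
```

Run it against a real lock file by replacing `SAMPLE_LOCK` with the contents of your project's `composer.lock`; an empty result means the pinned version is outside both ranges.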

© 2024 Aikido Security BV | BE0792914919