Pharos Impact: None
Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we do not use the polyfill.io JavaScript library anywhere.
Background
Recently, a security exploit was discovered inside a popular open-source library that helps older browsers support newer functionality (CVE-2024-38526).
Polyfill.io Supply Chain Attack | Qualys Security Blog
Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.