Login
    Contents x
    Pharos Response to Polyfill.io Malicious Code (CVE-2024-38526)
    • 17 Sep 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Pharos Response to Polyfill.io Malicious Code (CVE-2024-38526)

    • Updated on 17 Sep 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Pharos Impact: None

    Pharos has reviewed all our software, 3rd party tools/libraries, internal infrastructure and cloud infrastructure and can confirm that we do not use the polyfill.io JavaScript library anywhere.

    Background

    Recently, a security exploit was discovered inside a popular open-source library that helps older browsers support newer functionality (CVE-2024-38526).

    Polyfill.io Supply Chain Attack | Qualys Security Blog

    Many organizations, including Pharos customers, are urgently investigating where this tool is used and how to update/repair those instances.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout