Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet.CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. If exploited, the vulnerability would lead to a complete compromise of the CDNNS infrastructure. The vulnerability exploits comprised publishing packages to Cloud Flare’s CDN JS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.
Source: https://www.bleepingcomputer.com/news/security/critical-cloudflare-cdn-flaw-allowed-compromise-of-12-percent-of-all-sites/