Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS. The issue threatened the security, integrity, and availability of the wider supply chain. Security researcher RyotaK discovered he could upload a specifically crafted package with a Path Traversal or ZIP Slip exploit to achieve remote code execution. The vulnerability works as follows: as soon as CDNJS fetches a new release from npm, its automated bots unpack (unzip) the new library. The author of this newly published library could choose to release subsequent versions of the library on the npm registry. And these would automatically be fetched by CDN.
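The check an unpacking bot needs before it writes any archive entry to disk, shown as an added example (not Cloudflare's or CDNJS's code). It goes slightly beyond the path traversal case by also rejecting link and device entries, which are another way an entry can write outside the destination. The function names, the destination path, and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import tarfile


class UnsafeEntry(Exception):
    """Raised when an archive member would land outside the destination."""


def check_member(member: tarfile.TarInfo, dest: str) -> str:
    """Return the resolved target path for member, or raise UnsafeEntry."""
    if member.issym() or member.islnk() or member.isdev():
        raise UnsafeEntry(f"link or device entry: {member.name}")
    root = os.path.realpath(dest)
    # join() discards root when member.name is absolute, so that case fails too
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeEntry(f"path escapes destination: {member.name}")
    return target


def audit_archive(data: bytes, dest: str) -> list[str]:
    """List every member of a .tgz that must not be extracted into dest."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            try:
                check_member(member, dest)
            except UnsafeEntry:
                rejected.append(member.name)
    return rejected


def build_sample() -> bytes:
    """Constructed sample: one normal entry, one traversal name, one symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("package/index.js", "package/../../outside.txt"):
            body = b"// constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("package/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical destination directory; it does not need to exist for the audit.
    print(audit_archive(build_sample(), "/srv/unpack/example-lib"))
```

A pipeline should refuse the whole package when `audit_archive` returns anything, rather than extracting the remaining entries. Python 3.12 and later also offer `extractall(..., filter="data")`, which applies similar checks during extraction.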

