(JustPatriots.com)- It would appear that a major outage that impacted a large number of websites has been fixed. The issue seems to have been caused by problems at Cloudflare, an internet infrastructure provider that powers a significant portion of the web.
Error messages were displayed to anyone who attempted to access compromised websites. According to TechCrunch, Cloudflare was able to repair the issue within an hour after customers started reporting problems on Tuesday.
TechCrunch reported that the significant hiccup impacted many well-known websites, such as Medium and DoorDash. TechCrunch reported that Cloudflare did not disclose what caused the outage nor what steps it took to repair the problem.
Cloudflare released the following updates on the page that monitors the status of its system: “The issue has been detected, and a fix is being implemented.”
“A critical P0 incident was announced at about 06:34 AM UTC. There have been issues with connectivity throughout a large portion of Cloudflare’s network.”
“Clients trying to access Cloudflare sites in afflicted regions will see 500 errors,”
“The incident affects all of the services provided by our network’s data plane.”
After an hour, it stated: “This incident has been resolved.”
According to TechCrunch, the company experienced a situation quite similar to this one the week before.
In June of 2021, a severe vulnerability in the CDNJS library, which is used by 12.7% of all websites on the internet, was addressed by Cloudflare.
The second-most popular CDN for JavaScript after Google Hosted Libraries, CDNJS is a free and open-source content delivery network (CDN) that provides access to 4,041 JavaScript and CSS libraries.
The vulnerability was a problem with the CDNJS library update server that would enable an attacker to run arbitrary instructions, ultimately compromising the system.
On April 6, 2021, security researcher RyotaK found and reported the vulnerability. No proof of attacks using this issue in the wild has been found.
In particular, the vulnerability operates by using GitHub and npm to publish packages to Cloudflare’s CDNJS, exploiting it to cause a path traversal vulnerability, and finally tricking the server into running arbitrary code achieving remote code execution.