Update cloudflare-rocketloader-htmli.yaml

patch-1
Dhiyaneshwaran 2024-03-08 18:01:11 +05:30 committed by GitHub
parent 7c3f147499
commit 27f73e50c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions

View File

@ -6,8 +6,10 @@ info:
severity: low
description: |
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
remediation: Disable the rocket loader or Add a CSP header to fix this issue.
reference:
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
- https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
metadata:
max-request: 1
verified: true