Merge pull request #9300 from projectdiscovery/added-remediation

Update cloudflare-rocketloader-htmli.yaml
patch-1
Ritik Chaddha 2024-03-08 18:06:42 +05:30 committed by GitHub
commit 45e4b9de84
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions

View File

@ -6,8 +6,10 @@ info:
severity: low
description: |
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
remediation: Disable the rocket loader or Add a CSP header to fix this issue.
reference:
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
- https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
metadata:
max-request: 1
verified: true
@ -37,4 +39,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950