Hi All,
Some of you may have seen from various outlets that a vulnerability has been identified in the “polyfill.js” library and particularly the hosted version of that library (cdn.polyfill.io). This is a popular open source library that is used in many sites to add various javascript support features to older web browsers.
In light of this new vulnerability we have conducted a review of our Moodle products, associated moodle.org and moodle.com sites as well as our Moodle Cloud sites. We can confirm that our systems are not affected by this issue. We do not use this library in our product codebase or in the code of our company sites.
As a point of clarification the Moodle LMS codebase does include a file named `polyfill.js`, which might raise concerns due to the similarity in names. However, we assure you that this file is entirely unrelated to the vulnerability identified, and is just a coincidence.
We take security very seriously. Our team continuously monitors for new threats and vulnerabilities, ensuring that our products remain secure and reliable. We have robust processes in place to assess and mitigate any potential risks swiftly and effectively.
More information on this exploit can be found at https://polykill.io/ and this Sansec article provides a good overview.
Kind Regards,
Matt Porritt
Head of Platform Solutions.