Lucene search
HistoryJun 26, 2024 - 12:15 a.m.
CVE-2024-38526
pdoc
api documentation
python
security issue
fixed
polyfill.io
javascript
cdn
malicious code
cve-2024-38526
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
Affected configurations
Node
mitmproxymitmproxyRange<14.5.1
CNA Affected
[
{
"vendor": "mitmproxy",
"product": "pdoc",
"versions": [
{
"version": "< 14.5.1",
"status": "affected"
}
]
}
]Related
osv
osv
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
veracode
veracode
Malicious CDN Embedding
2024-06-26 06:13:39
github
github
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
vulnrichment
vulnrichment
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 23:53:54
nvd
nvd
CVE-2024-38526
2024-06-26 00:15:10
cvelist
cvelist
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 23:53:54
openvas
openvas
Web Application using Malicious polyfill.io CDN (HTTP)
2024-07-03 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
Related for CVE-2024-38526