CVE-2024-38526

2024-06-2600:15:10

CWE-1395

GitHub_M

web.nvd.nist.gov

127

pdoc

api documentation

python

security issue

fixed

polyfill.io

javascript

cdn

malicious code

cve-2024-38526

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

EPSS

0.001

Percentile

29.0%

JSON

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

Affected configurations

Vulners

Vulnrichment

Node

mitmproxypdocRange<14.5.1

VendorProductVersionCPE
mitmproxypdoc*cpe:2.3:a:mitmproxy:pdoc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitmproxy	pdoc	*	cpe:2.3:a:mitmproxy:pdoc::::::::

CNA Affected

[
  {
    "vendor": "mitmproxy",
    "product": "pdoc",
    "versions": [
      {
        "version": "< 14.5.1",
        "status": "affected"
      }
    ]
  }
]