Lucene search
GitHub_MCVELIST:CVE-2024-38526HistoryJun 25, 2024 - 11:53 p.m.
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-2523:53:54
CWE-1395
GitHub_M
www.cve.org
7
pdoc
api documentation
python projects
javascript files
polyfill.io
cdn
malicious code
cve-2024-38526
fixed
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
CNA Affected
[
{
"vendor": "mitmproxy",
"product": "pdoc",
"versions": [
{
"version": "< 14.5.1",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 23:53:54
github
github
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
veracode
veracode
Malicious CDN Embedding
2024-06-26 06:13:39
osv
osv
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
nvd
nvd
CVE-2024-38526
2024-06-26 00:15:10
cve
cve
CVE-2024-38526
2024-06-26 00:15:10
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
Related for CVELIST:CVE-2024-38526