Lucene search
HistoryJun 26, 2024 - 12:15 a.m.
CVE-2024-38526
pdoc
api documentation
python projects
polyfill.io
cdn
malicious code
fixed
cve-2024-38526
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
Related
github
github
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
veracode
veracode
Malicious CDN Embedding
2024-06-26 06:13:39
osv
osv
pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 22:23:30
vulnrichment
vulnrichment
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 23:53:54
cvelist
cvelist
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
2024-06-25 23:53:54
cve
cve
CVE-2024-38526
2024-06-26 00:15:10
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
0.0004 Low
EPSS
Percentile
15.7%
Related for NVD:CVE-2024-38526