14 matches found
Pdoc Python Library <= 14.5.1 (CVE-2024-38526)
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1. Note that Nessus has not tested for this issue but...
K000141256: Polyfill vulnerability CVE-2024-38526
Security Advisory Description: pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1. CVE-2024-38526 Impac...
SUSE CVE-2024-38526
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
VulnCheck KEV: CVE-2024-38526
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code...
Malicious CDN Embedding
pdoc is vulnerable to malicious CDN embedding. The vulnerability is caused when documentation is generated with math mode (pdoc --math) due to the usage of a compromised polyfill.io CDN domain. An attacker could potentially exploit this by injecting malicious code into documentation generated with...
CVE-2024-38526
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
pdoc Security Vulnerabilities
pdoc is an API documentation tool for Python projects, open-sourced by mitmproxy. A security vulnerability exists in pdoc prior to version 14.5.1, which stems from the pdoc --math command generating a link to a document that points to a CDN that is no longer secure...
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
CVE-2024-38526
CVE-2024-38526 affects the pdoc Python library for API documentation. The underlying issue arises from web assets loaded from the polyfill.io CDN, which has been compromised, leading to delivery of malicious JavaScript through the CDN when using pdoc --math. Several connected sources indicate thi...
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...
autohooks-plugin-pdoc (>=0.1.1 <=0.1.2), bond-order-processing (=1.0.3) +20 more potentially affected by CVE-2024-38526 via pdoc (>=0.3.2 <=14.5.0)
pdoc PYPI version =0.3.2, =0.1.1, =1.0.0, =0.9.3, =0.0.7, =2.5.7, =0.1.1, =0.4.5, =0.2.0, =0.3.0, =0.1.0, =0.1.1 and more Source cves: CVE-2024-38526 Source advisory: OSV:GHSA-5VGJ-GGM4-FG62...
GHSA-5VGJ-GGM4-FG62 pdoc embeds link to malicious CDN if math mode is enabled
Impact: Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches: This issue has been fixed...
pdoc embeds link to malicious CDN if math mode is enabled
Impact: Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches: This issue has been fixed...