ГлавнаяУязвимости → CVE-2024-38526
7.2высокая

CVE-2024-38526

Описание

pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Источники
https://github.com/mitmproxy/pdoc/pull/703https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62https://sansec.io/research/polyfill-supply-chain-attackhttps://www.vicarius.io/vsociety/posts/polyfillio-in-pdoc-cve-2024-38526https://github.com/mitmproxy/pdoc/pull/703https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62https://sansec.io/research/polyfill-supply-chain-attackhttps://www.vicarius.io/vsociety/posts/polyfillio-in-pdoc-cve-2024-38526