VDB
CISA-2024-38526
CISA-2024-38526
PUBLISHED
Reported by GitHub_M · Published June 25, 2024
pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mitmproxy | pdoc | < 14.5.1 |
| mitmproxy | pdoc | 0, 0 |
| mitmproxy | pdoc | < 14.5.1, < 14.5.1 |
Timeline
- Jun 25, 2024 CVE Published
- Feb 13, 2025 CVE Updated
References
- https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62 x_refsource_CONFIRM
- https://github.com/mitmproxy/pdoc/pull/703 x_refsource_MISC
- https://sansec.io/research/polyfill-supply-chain-attack x_refsource_MISC