cve/2024/CVE-2024-38526.md

### [CVE-2024-38526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38526)
![](https://img.shields.io/static/v1?label=Product&message=pdoc&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2014.5.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1395%3A%20Dependency%20on%20Vulnerable%20Third-Party%20Component&color=brighgreen)

### Description

pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

### POC

#### Reference
- https://www.vicarius.io/vsociety/posts/polyfillio-in-pdoc-cve-2024-38526

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-08-11 18:44 2024-08-11 18:44:53 +00:00			`### [CVE-2024-38526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38526)`
			`![](https://img.shields.io/static/v1?label=Product&message=pdoc&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2014.5.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1395%3A%20Dependency%20on%20Vulnerable%20Third-Party%20Component&color=brighgreen)`

			`### Description`

			pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

			`### POC`

			`#### Reference`
			`- https://www.vicarius.io/vsociety/posts/polyfillio-in-pdoc-cve-2024-38526`

			`#### Github`
			`No PoCs found on GitHub currently.`