CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1395"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38526.json"
}

References

Affected packages

Git / github.com/mitmproxy/pdoc

Affected ranges

Type

GIT

Repo

https://github.com/mitmproxy/pdoc

Events

Introduced

Fixed

9af869689fef2f8134ca13b577e0fdb7e55b672b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.5.1"
        }
    ]
}

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.3.0

0.3.1

0.3.2

v1.*

v1.0.0

v1.0.1

v1.1.0

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v11.*

v11.0.0

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.0.1

v12.0.2

v12.1.0

v12.2.0

v12.2.1

v12.2.2

v12.3.0

v12.3.1

v13.*

v13.0.0

v13.0.1

v13.1.0

v13.1.1

v14.*

v14.0.0

v14.1.0

v14.2.0

v14.3.0

v14.4.0

v14.5.0

v2.*

v2.0.0

v3.*

v3.0.0

v3.0.1

v4.*

v4.0.0

v5.*

v5.0.0

v6.*

v6.0.0

v6.1.0

v6.1.1

v6.2.0

v6.3.0

v6.3.1

v6.3.2

v6.4.0

v6.4.1

v6.4.2

v6.4.3

v6.4.4

v6.5.0

v6.6.0

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.1.0

v7.1.1

v7.2.0

v7.3.0

v7.3.1

v7.4.0

v8.*

v8.0.0

v8.0.1

v8.1.0

v8.2.0

v8.3.0

v9.*

v9.0.0

v9.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38526.json"