CVE-2024-38526

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38526
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38526.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38526
Aliases
Downstream
Related
Published
2024-06-25T23:53:54.677Z
Modified
2025-11-30T16:47:08.864109Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L/E:H/RL:O/RC:C/MC:N/MI:N/MA:N CVSS Calculator
Summary
pdoc embeds link to malicious CDN if math mode is enabled
Details

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1395"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38526.json"
}
References

Affected packages

Git / github.com/mitmproxy/pdoc

Affected ranges

Type
GIT
Repo
https://github.com/mitmproxy/pdoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9af869689fef2f8134ca13b577e0fdb7e55b672b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.5.1"
        }
    ]
}

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2

v1.*

v1.0.0
v1.0.1
v1.1.0

v10.*

v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4

v11.*

v11.0.0
v11.1.0
v11.2.0

v12.*

v12.0.0
v12.0.1
v12.0.2
v12.1.0
v12.2.0
v12.2.1
v12.2.2
v12.3.0
v12.3.1

v13.*

v13.0.0
v13.0.1
v13.1.0
v13.1.1

v14.*

v14.0.0
v14.1.0
v14.2.0
v14.3.0
v14.4.0
v14.5.0

v2.*

v2.0.0

v3.*

v3.0.0
v3.0.1

v4.*

v4.0.0

v5.*

v5.0.0

v6.*

v6.0.0
v6.1.0
v6.1.1
v6.2.0
v6.3.0
v6.3.1
v6.3.2
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.5.0
v6.6.0

v7.*

v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.1.0
v7.1.1
v7.2.0
v7.3.0
v7.3.1
v7.4.0

v8.*

v8.0.0
v8.0.1
v8.1.0
v8.2.0
v8.3.0

v9.*

v9.0.0
v9.0.1