CVE-2024-38526 Information

Description

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.
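To check whether documentation you have already published is affected, the following sketch scans generated HTML for script tags that load from polyfill.io or one of its subdomains. It is an added example, not code from pdoc or from the advisory; the function names and the sample page are constructed for illustration.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlsplit

BAD_DOMAIN = "polyfill.io"  # domain named in the advisory
# Constructed sample page (not real pdoc output): two hits, two look-alikes.
SAMPLE = """<html><head>
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//cdn.polyfill.io/v2/polyfill.min.js"></script>
<script src="https://example.com/polyfill.io/app.js"></script>
<script src="https://notpolyfill.io/x.js"></script>
</head></html>"""

def is_polyfill_host(url):
    """True if the URL's host is polyfill.io or one of its subdomains."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL, no usable host to compare
        return False
    host = host.rstrip(".").lower()
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)

class ScriptSrcFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, src) pairs
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src and is_polyfill_host(src):
            self.hits.append((self.getpos()[0], src))

def scan_html(text):
    finder = ScriptSrcFinder()
    finder.feed(text)
    return finder.hits

def scan_tree(root):
    results = {}  # path -> hits; clean files are omitted
    for path in Path(root).rglob("*.html"):
        hits = scan_html(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in found.items():
        print(*(f"{path}:{ln}: {src}" for ln, src in hits), sep="\n")
    raise SystemExit(1 if found else 0)
```

Run it against the output directory of an earlier pdoc build; a non-zero exit status means at least one page still references the domain and should be regenerated with pdoc 14.5.1 or later.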

Reference

https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62
https://github.com/mitmproxy/pdoc/pull/703
https://sansec.io/research/polyfill-supply-chain-attack
