CVE-2024-38526

HIGH · EXPLOITED · NUCLEI

pdoc < 14.5.1 - Dependency on Vulnerable Third-Party Component via polyfill.io CDN

Title source: llm

Exploitation Summary

CVE-2024-38526 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including padayali-JD, putget. A Nuclei detection template is also available.

AI-analyzed exploit summary

The repository contains a Python-based scanner that checks for the presence of malicious Polyfill.io domains in web dependencies, specifically targeting CVE-2024-38526. It does not exploit the vulnerability but detects potential exposure by analyzing script sources in HTTP responses.

Description

pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

Exploits (2)

nomisec · SCANNER · 6 stars
by padayali-JD · poc
https://github.com/padayali-JD/pollyscan

The repository contains a Python-based scanner that checks for the presence of malicious Polyfill.io domains in web dependencies, specifically targeting CVE-2024-38526. It does not exploit the vulnerability but detects potential exposure by analyzing script sources in HTTP responses.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Web applications using Polyfill.io dependencies
Auth: No auth needed
Prerequisites: Network access to the target URL
devstral-2 · analyzed Feb 18, 2026
nomisec · SCANNER
by putget · poc
https://github.com/putget/CVE-2024-38526

This repository contains a bash script that scans URLs for potential polyfill.io-related vulnerabilities by checking for scripts loaded from untrusted domains. It does not exploit the vulnerability but detects indicators of compromise.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Web applications using polyfill.io or similar CDNs
Auth: No auth needed
Prerequisites: List of URLs to scan
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Polyfill Supply Chain Attack Malicious Code Execution
HIGH · by abut0n

References (4)

Core: 4

Scores

CVSS v3: 7.2
EPSS: 0.8287
EPSS Percentile: 99.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2024-07-09
CWE: CWE-1395
Status: published

Products (2)
mitmproxy/pdoc < 14.5.1
pypi/pdoc 0 - 14.5.1 (PyPI)

Published: Jun 26, 2024
Tracked Since: Feb 18, 2026