Polyfill Supply Chain Attack Malicious Code Execution
ID: CVE-2024-38526
Severity: high
Author: abut0n
Tags: cve,cve2024,supply-chain,polyfill
Description
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io
YAML Source
id: CVE-2024-38526

info:
  name: Polyfill Supply Chain Attack Malicious Code Execution
  author: abut0n
  severity: high
  description: |
    pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io
  impact: |
    The polyfill.io CDN has been sold and now serves malicious code.
  remediation: |
    This issue has been fixed in pdoc 14.5.1.
  reference:
    - https://sansec.io/research/polyfill-supply-chain-attack
    - https://nvd.nist.gov/vuln/detail/CVE-2024-38526
    - https://x.com/triblondon/status/1761852117579427975
    - https://github.com/mitmproxy/pdoc/pull/703
    - https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
    cvss-score: 7.2
    cve-id: CVE-2024-38526
    epss-score: 0.00045
    epss-percentile: 0.16001
  tags: cve,cve2024,supply-chain,polyfill

headless:
  - steps:
      - args:
          url: "{{BaseURL}}"
        action: navigate
      - action: waitload
      - action: script
        name: extract
        args:
          code: |
            () => { return '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n' }

    extractors:
      - type: kval
        part: extract
        name: urls
        internal: true
        kval:
          - extract

    matchers:
      - type: word
        words:
          - "polyfill.io"
          - "bootcdn.net"
          - "bootcss.com"
          - "staticfile.net"
          - "staticfile.org"
          - "unionadjs.com"
          - "xhsbpza.com"
          - "union.macoms.la"
          - "newcrbpc.com"
        part: urls
# digest: 4a0a00473045022100ab5c8f20bf119770c476bcf509788840cc4b8027283c225e8e9c77229e207bc5022011da301a71875b08f2ef2e11457cb76b757c8e53122e82b859b747db224ec683:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template loads the target page in a headless browser, collects every src, href, url and action attribute on the page, and flags the page if any of those references point at polyfill.io or one of the other CDN hosts listed in the matcher. Run it with Nuclei against the documentation site you want to check:
$ nuclei -u "URL" -t "headless/cves/2024/CVE-2024-38526.yaml"
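For an offline check of already-generated documentation (for example a pdoc output directory in CI), the same logic as the template's headless step can be run over the HTML files directly. The script below is an added example, not part of the Nuclei template or of pdoc: it collects the same src/href/url/action attributes, deduplicates them, and matches the host against the template's list. It is slightly stricter than the template's substring match, since it compares the URL host rather than the whole string, and the sample HTML is constructed for illustration.

```python
"""Offline equivalent of the template's headless check: collect every
src/href/url/action attribute, deduplicate, and match the host against
the list from the template's matcher. Sample HTML below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host list copied from the template's matcher words.
FLAGGED_HOSTS = (
    "polyfill.io", "bootcdn.net", "bootcss.com", "staticfile.net",
    "staticfile.org", "unionadjs.com", "xhsbpza.com", "union.macoms.la",
    "newcrbpc.com",
)
# Same attributes as the template's querySelectorAll('[src], [href], [url], [action]').
URL_ATTRS = ("src", "href", "url", "action")


class RefCollector(HTMLParser):
    """Collects URL-bearing attribute values in document order, without duplicates."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and value not in self.refs:
                self.refs.append(value)


def host_matches(url):
    """True if the URL's host is a flagged host or a subdomain of one. Stricter than
    the template's substring match: a flagged name in a path or query is not enough."""
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)


def find_flagged_refs(html):
    """Return the deduplicated references served from a flagged host."""
    collector = RefCollector()
    collector.feed(html)
    return [r for r in collector.refs if host_matches(r)]


# Constructed sample resembling a generated docs page, not real pdoc output.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css">
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//cdn.polyfill.io/v2/polyfill.min.js"></script>
</head><body><a href="/index.html?ref=polyfill.io">Home</a></body></html>"""

print(find_flagged_refs(SAMPLE_HTML))
```

Pointing this at a directory of generated HTML files and failing the build on a non-empty result gives the same signal as the template without a live scan.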