daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor-update

main
Dhiyaneshwaran 2024-07-18 11:38:58 +05:30 committed by GitHub
parent e268102246
commit bb2cb430c0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
headless/2024/CVE-2024-38526.yaml
View File

@ -1,21 +1,28 @@
id: CVE-2024-38526
info:
name: CVE-2024-38526 - Untrusted 3rd party
name: Polyfill Supply Chain Attack Malicious Code Execution
author: abut0n
severity: high
description: |
The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io. However, in February of 2024, a Chinese company bought the domain and the Github account. Since then, this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io
pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io
impact: |
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.
The polyfill.io CDN has been sold and now serves malicious code.
remediation: |
Remove the dependecy.
This issue has been fixed in pdoc 14.5.1.
reference:
- https://sansec.io/research/polyfill-supply-chain-attack
- https://nvd.nist.gov/vuln/detail/CVE-2024-38526
- https://x.com/triblondon/status/1761852117579427975
tags: CVE,CVE-2024-38526,headless,supply-chain
- https://github.com/mitmproxy/pdoc/pull/703
- https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
cvss-score: 7.2
cve-id: CVE-2024-38526
epss-score: 0.00045
epss-percentile: 0.16001
tags: cve,cve2024,supply-chain,polyfill
headless:
- steps:
- args:
@ -44,7 +51,6 @@ headless:
- type: word
words:
- "polyfill.io"
# More domains that have been used by the same actor to spread malware since at least June 2023: bootcdn.net, bootcss.com, staticfile.net, staticfile.org, unionadjs.com, xhsbpza.com, union.macoms.la, newcrbpc.com.
- "bootcdn.net"
- "bootcss.com"
- "staticfile.net"