CVE-2024-38537 PoC — Fides 安全漏洞

Source

https://github.com/Havoc10-sw/Detect_polyfill_CVE-2024-38537-

Associated Vulnerability

Title:Fides 安全漏洞 (CVE-2024-38537)
Description:Fides是一个开源隐私工程平台，用于管理运行时环境中数据隐私请求的实现以及代码中隐私法规的执行。 Fides 2.39.1之前版本存在安全漏洞。攻击者利用该漏洞可以执行恶意脚本。

Description

Here's a Python script that checks if the polyfill.io domain is present in the Content Security Policy (CSP) header of a given web application.

Readme

# Detect_polyfill_CVE-2024-38537
Here's a Python script that checks if the polyfill.io domain is present in the Content Security Policy (CSP) header of a given web application.
  Steps:
  1.Save the modified script (check_csp_from_file.py) in the same directory as your urls.txt file.
  2.Run the script using python check_csp_from_file.py.
  3.The script will read each URL from urls.txt, fetch the CSP headers, and check if polyfill.io is allowed in each URL's CSP header.

File Snapshot


 [4.0K]  /data/pocs/4e38be3de2b20f0a67d55dec68ab9458b0c99953
├── [1005]  cve202438537.py
└── [ 475]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!