Associated vulnerability
Title:
pdoc security vulnerability
(CVE-2024-38526)
Description: pdoc is an API documentation generator for Python projects, open-sourced by mitmproxy. Versions of pdoc before 14.5.1 contain a security vulnerability: documentation generated with the `pdoc --math` option links to a CDN (polyfill.io) that is no longer trustworthy.
Description
CVE-2024-38526 - Polyfill Scanner
Introduction
## CVE-2024-38526 - Polyfill Scanner
- [x] Mass URL scanner

The polyfill.io CDN was taken over and used to serve malicious code. pdoc 14.5.1 no longer references it, but documentation built with `pdoc --math` by earlier versions still loads a script from polyfill.io. This scanner takes a list of page URLs and reports the ones that still do.
## Overview
- Detect pages that still load scripts from polyfill.io or another untrusted domain
- Scan many URLs in one run instead of checking each page by hand
## Features
- **High Confidence Alerts**: Flags `<script>` tags whose source is hosted on an untrusted domain.
- **Polyfill Vulnerability Detection**: Flags pages that load scripts from `polyfill.io`.
- **URL Scanning**: Extracts and analyzes script URLs from provided web pages.
- **Logging and Reporting**: Logs results to `scan_results.txt` with color-coded output.
- **Performance Tracking**: Provides execution time for the scan.
## Example Usage
```bash
bash pollypull.sh urls.txt
```
Note: the script accepts URLs with either the http or https scheme. Make sure each URL in `urls.txt` is properly formatted (including its scheme); the script processes each URL in turn and reports scripts loaded from polyfill.io or another untrusted domain.

### References:
- [Polyfill[.]io Attack Impacts Over 380,000](https://thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html)
- [Polyfill supply chain attack hits 100K+ sites](https://sansec.io/research/polyfill-supply-chain-attack)
File snapshot
[4.0K] /data/pocs/d6eb2b16bf1f90ad7904b99a48201a826583d290
├── [3.3K] pollypull.sh
└── [1.3K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has snapshotted this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.