MD-2024-0822

Statement on MD-2024-0822 Pollyfill.io JavaScript

August 22, 2024

Information

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc –math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.

• More info at CVE-2024-38526

Severity

Low

Response

Melissa Data Corporation (“Melissa”) was not impacted by Pollyfill.io JavaScript vulnerability. Any Melissa commercial web services or products were not impacted by this vulnerability.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.