Cross-site Scripting

Tsup is vulnerable to DOM Clobbering. The vulnerability is due to DOM Clobbering caused by a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

@58860ed6ffd9e897/gold-finger-extension (=1.0.2), @99_water/theme (>=0.1.3 <=0.1.7) +1249 more potentially affected by CVE-2024-53384 via tsup (>=2.1.0 <=8.3.0)

tsup NPM version =2.1.0, =0.1.3, =1.0.0, =0.0.0, =1.0.3, =1.0.4, =2.0.0, =4.0.0 - @aiao/color =1.2.3 - @aiao/date =1.0.3 - @aiao/elements-vue =0.0.3 - @aiao/image-storage =0.1.5 - @aiao/nx-tsup =0.0.2 - @aiao/random =0.2.1 - @aiao/url =0.0.8 - @aiao/util =1.0.3 and more Source cves: CVE-2024-5338...

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...

tsup 跨站脚本漏洞

tsup is one of the easiest and fastest ways to bundle TypeScript libraries for EGOIST individual developers. A security vulnerability exists in tsup version v8.3.4, which stems from DOM Clobbering from import.meta.url to document.currentScript, allowing execution of arbitrary code...

CVE-2024-53384

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...