Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-47068

Опубликовано: 23 сент. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.1

Описание

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta (e.g., import.meta.url) in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.

РелизСтатусПримечание
devel

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

oracular

ignored

end of life, was needs-triage
plucky

needs-triage

questing

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 80%
0.01368
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-47068

CVSS3: 6.4
redhat
больше 1 года назад

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.

nvd логотип

CVE-2024-47068

CVSS3: 6.1
nvd
больше 1 года назад

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.

debian логотип

CVE-2024-47068

CVSS3: 6.1
debian
больше 1 года назад

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3 ...

github логотип

GHSA-gcx4-mw62-g8wm

CVSS3: 6.4
github
больше 1 года назад

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

EPSS

Процентиль: 80%
0.01368
Низкий

6.1 Medium

CVSS3