CVE-2024-53384

MEDIUM EPSS 14.7%

Published Mar 3, 20251y ago · Modified Jun 17, 20261w ago

5.1 CVSS 3.1

Medium

Published Mar 3, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components

CVSS Details

Base Score

5.1

Exploitability

2.5

Impact

2.5

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

14.7% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
egoist	tsup	8.3.4	any

References 1

gist.github.com https://gist.github.com/jackfromeast/36f98bf7542d11835c883c1d175d9b92

ExploitPatchThird Party Advisory

Remediation

gist.github.com https://gist.github.com/jackfromeast/36f98bf7542d11835c883c1d175d9b92

ExploitPatchThird Party Advisory