Deprecated and vulnerable version of rollup #17

Closed
opened 2024-12-28 18:50:30 +01:00 by kapustaikwas27 · 1 comment
kapustaikwas27 commented 2024-12-28 18:50:30 +01:00 (Migrated from github.com)

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

https://github.com/advisories/GHSA-gcx4-mw62-g8wm

marijnh commented 2024-12-29 10:47:18 +01:00 (Migrated from github.com)

Since our build output doesn't reference `document.currentScript`, I don't think this vulnerability is an issue for this package. Attached patch upgrades Rollup to a current version.
Reference
marijn/w3c-keyname#17