CVE-2024-47068
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-47068 identifies a DOM Clobbering vulnerability in Rollup, a JavaScript module bundler, affecting versions prior to 3.29.5 and 4.22.4. This vulnerability can lead to cross-site scripting (XSS) attacks if attacker-controlled HTML elements are present on web pages, which may compromise the integrity of the application. Remediation is available by updating to Rollup versions 3.29.5 or 4.22.4, which include patches for the issue. The vulnerability has a medium severity rating with a CVSS score of 6.1 and requires user interaction for exploitation, highlighting the importance of securing web applications against potential XSS risks. Affected products include various Rollup configurations labeled as 'y1eQfk,' 'y02Iom,' and others listed in the related documentation.