CVE-2024-53384: tsup DOM Clobbering vulnerability

March 3, 2025

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components

References

gist.github.com/jackfromeast/36f98bf7542d11835c883c1d175d9b92
github.com/advisories/GHSA-3mv9-4h5g-vhg3
github.com/egoist/tsup
nvd.nist.gov/vuln/detail/CVE-2024-53384

Code Behaviors & Features

Detect and mitigate CVE-2024-53384 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →