Lukastaegert

#31052 of 53,633
8.3 Total CVSS
Vulnerabilities · 1
PT-2024-32385
8.3
2024-09-23
Rollup · Rollup · CVE-2024-47068
**Name of the Vulnerable Software and Affected Versions**

Rollup versions prior to 2.79.2, 3.29.5, and 4.22.4.

**Description**

Rollup is vulnerable to DOM Clobbering when it bundles scripts that use `import.meta` properties (e.g. `import.meta.url`) into `cjs`, `umd` or `iife` output. In these formats Rollup replaces `import.meta.url` with a polyfill that derives the bundle's URL from the DOM at runtime. In a web page where an attacker can inject scriptless HTML (for example an `img` tag whose `name` attribute is not sanitized), a named element can shadow the DOM property the polyfill reads, so the resolved URL points at an attacker-controlled server. Application code that builds further URLs from `import.meta.url` (workers, chunks, assets) will then load scripts from that server, resulting in cross-site scripting (XSS).

**Recommendations**

For versions prior to 2.79.2, update to version 2.79.2 or later. For versions prior to 3.29.5, update to version 3.29.5 or later. For versions prior to 4.22.4, update to version 4.22.4 or later.