CVE-2018-5382
DOM Clobbering vulnerability in bcprov-jdk15on (Maven)
What is CVE-2018-5382 About?
This vulnerability is a DOM Clobbering flaw found in tsup v8.3.4, allowing attackers to execute arbitrary code. By crafting a malicious script, an attacker can manipulate `document.currentScript` via `import.meta.url`, leading to code execution. Exploitation requires careful crafting of the malicious input.
Affected Software
Technical Details
The DOM Clobbering vulnerability in tsup v8.3.4 occurs within the `cjs_shims.js` component, specifically in how `import.meta.url` interacts with `document.currentScript`. An attacker can introduce specially named elements (e.g., `<form id='document'><input name='currentScript'></form>`) into the Document Object Model (DOM). When `cjs_shims.js` attempts to access specific DOM properties, these attacker-controlled elements clobber, or overwrite, the intended DOM objects or properties, redirecting access to attacker-controlled values. If the script then uses the clobbered `document.currentScript` in a context that directly or indirectly leads to code evaluation, arbitrary code execution can be achieved.
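The check a defender would want around `document.currentScript`, shown as an added example that is not code from tsup or from this page: `naiveScriptUrl`, `resolveScriptUrl` and the stand-in document objects are hypothetical names constructed so the logic runs outside a browser.

```javascript
// Added example (not tsup's code). Plain objects stand in for the DOM so the
// logic can run under Node; all URLs and names below are constructed.

// Unchecked pattern: trusts whatever document.currentScript resolves to.
function naiveScriptUrl(doc, fallbackName) {
  return (doc.currentScript && doc.currentScript.src) ||
    new URL(fallbackName, doc.baseURI).href;
}

// Hardened pattern: accept currentScript only when it is a genuine <script>
// element with a string src; otherwise fall back to a URL derived from baseURI.
function resolveScriptUrl(doc, fallbackName) {
  const fallback = new URL(fallbackName, doc.baseURI).href;
  const el = doc.currentScript;
  // A clobbering element is truthy, so a truthiness test alone is not enough.
  // tagName must be a string: a named control inside a form can shadow
  // properties of that form, turning tagName into an element object.
  if (!el || typeof el.tagName !== 'string') return fallback;
  if (el.tagName.toUpperCase() !== 'SCRIPT') return fallback;
  if (typeof el.src !== 'string' || el.src === '') return fallback;
  return el.src;
}

// Constructed stand-ins for three page states.
const genuineDoc = {
  baseURI: 'https://app.example/',
  currentScript: { tagName: 'SCRIPT', src: 'https://app.example/assets/main.js' },
};
const clobberedDoc = {
  baseURI: 'https://app.example/',
  // Non-script element occupying the currentScript name, exposing its own src.
  currentScript: { tagName: 'FORM', src: 'https://untrusted.example/payload.js' },
};
const moduleDoc = { baseURI: 'https://app.example/', currentScript: null };

function demo() {
  return {
    naiveOnClobbered: naiveScriptUrl(clobberedDoc, 'main.js'),
    hardenedOnClobbered: resolveScriptUrl(clobberedDoc, 'main.js'),
    hardenedOnGenuine: resolveScriptUrl(genuineDoc, 'main.js'),
    hardenedOnModule: resolveScriptUrl(moduleDoc, 'main.js'),
  };
}
console.log(demo());
```

In a real page the same element-type check applies to the live `document`; pairing it with a Content Security Policy that restricts script sources limits what a wrongly resolved URL can load.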
What is the Impact of CVE-2018-5382?
Successful exploitation may allow attackers to execute arbitrary code in the context of the user's browser, leading to full client-side compromise, data theft, or website defacement.
What is the Exploitability of CVE-2018-5382?
Exploiting this DOM Clobbering vulnerability requires a good understanding of DOM manipulation and JavaScript execution contexts. The complexity is moderate to high, as it involves crafting a specific DOM structure to overwrite JavaScript global variables or properties. There are no authentication or privilege requirements beyond the ability to inject content into the victim's browser. This is typically a remote attack where a victim visits a malicious page or a legitimate page that has been compromised to inject the clobbering elements. The attacker needs to ensure their crafted input is processed by the vulnerable cjs_shims.js component.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2018-5382?
Available Upgrade Options
- org.bouncycastle:bcprov-jdk15on
- <1.50 → Upgrade to 1.50
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2018-5382
- https://access.redhat.com/errata/RHSA-2018:2927
- http://www.securityfocus.com/bid/103453
- https://www.bouncycastle.org/releasenotes.html
- https://www.kb.cert.org/vuls/id/306792
- https://osv.dev/vulnerability/GHSA-8477-3v39-ggpm
- https://www.oracle.com/security-alerts/cpuoct2020.html
What are Similar Vulnerabilities to CVE-2018-5382?
Similar Vulnerabilities: CVE-2020-27663, CVE-2018-1999009, CVE-2020-13653, CVE-2021-39148, CVE-2021-23386
