
Fix DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Open andrisecops opened this issue 1 year ago • 1 comment

Description

We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.

Background

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. More information about DOM Clobbering.

CWE-79 CVE-2024-47068

You have tested this PR on:

  • [x] Windows
  • [ ] Linux/Ubuntu
  • [ ] macOS

andrisecops, Sep 30 '24 12:09
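The gadget described in the issue, as an added example that is not part of the report or of rollup's own code: a simplified stand-in for the `document.currentScript` lookup a cjs/umd/iife bundle uses to reconstruct `import.meta.url`, next to a hardened version that only trusts a real `<script>` element. The document objects and URLs are constructed mocks so the code runs under Node without a DOM.

```javascript
// Added example (not the issue's or rollup's code). The DOM objects below are
// constructed stand-ins for real elements so the snippet runs under Node.

// Simplified shape of the lookup a bundled script performs (assumed, not rollup's
// exact output): it trusts whatever `document.currentScript` points at.
function vulnerableMetaUrl(doc, fallbackFile) {
  if (doc.currentScript && doc.currentScript.src) {
    return doc.currentScript.src;
  }
  return new URL(fallbackFile, doc.baseURI).href;
}

// Hardened lookup: the value is only used if the element really is a <script>.
// Document is [LegacyOverrideBuiltIns], so a named element such as
// <img name="currentScript"> shadows the currentScript getter; an <img> has a
// `src`, so the unguarded version happily returns the attacker's URL, and any
// asset URL derived from it then points at the attacker's origin.
function hardenedMetaUrl(doc, fallbackFile) {
  const s = doc.currentScript;
  if (s && typeof s.tagName === 'string' && s.tagName.toUpperCase() === 'SCRIPT' && s.src) {
    return s.src;
  }
  return new URL(fallbackFile, doc.baseURI).href;
}

// Constructed stand-in for a page where the bundle's own <script> is current.
const legitimateDoc = {
  baseURI: 'https://app.example/',
  currentScript: { tagName: 'SCRIPT', src: 'https://app.example/static/bundle.js' },
};

// Constructed stand-in for a page holding attacker-supplied
// <img name="currentScript" src="https://attacker.example/x.js"> markup.
const clobberedDoc = {
  baseURI: 'https://app.example/',
  currentScript: { tagName: 'IMG', name: 'currentScript', src: 'https://attacker.example/x.js' },
};

// Resolve the bundle URL with both lookups against both documents.
function demo() {
  return {
    vulnLegit: vulnerableMetaUrl(legitimateDoc, 'bundle.js'),
    vulnClobbered: vulnerableMetaUrl(clobberedDoc, 'bundle.js'),
    hardLegit: hardenedMetaUrl(legitimateDoc, 'bundle.js'),
    hardClobbered: hardenedMetaUrl(clobberedDoc, 'bundle.js'),
  };
}

console.log(demo());
```

The hardened lookup falls back to `document.baseURI` when the clobbering element is present, so derived asset URLs stay on the page's own origin.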