Advisories ยป MGASA-2020-0232

Updated dojo packages fix security vulnerability

Publication date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-5258 , CVE-2020-5259

Description

Updated dojo package fixes security vulnerabilities:

In affected versions of dojo, the deepCopy method is vulnerable to
prototype Pollution. An attacker could manipulate these attributes
to overwrite, or pollute, a JavaScript application object prototype
of the base object by injecting other values (CVE-2020-5258).

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype
Pollution. An attacker could manipulate these attributes to overwrite, or
pollute, a JavaScript application object prototype of the base object by
injecting other values (CVE-2020-5259).
                

References

SRPMS

7/core