Advisories » MGASA-2023-0039

Updated dojo packages fix security vulnerability

Publication date: 07 Feb 2023
Modification date: 06 Feb 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2020-4051 , CVE-2021-23450

Description

Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to
cross-site scripting (XSS) attacks. (CVE-2020-4051)
Prototype pollution vulnerability via the setObject() function.
(CVE-2021-23450)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31491
• https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
• https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4051
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23450

SRPMS

8/core

• dojo-1.16.5-1.mga8