Bug 49535 - dojo 1.12.1: multiple issues (4.4)
Status: NEW
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
UCS maintainers
https://www.cvedetails.com/vulnerabil...
Depends on: 42291
Blocks: 49536
Reported: 2019-05-23 17:56 CEST by Arvid Requate
Modified: 2019-07-22 13:51 CEST (History)
What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 7.5 - 8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N)


Description Arvid Requate univentionstaff 2019-05-23 17:56:42 CEST
The snyk npm monitor currently shows these vulnerabilities for the dojo toolkit:

* unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494)
  https://access.redhat.com/security/cve/cve-2018-15494

* https://security-tracker.debian.org/tracker/CVE-2018-1000665
  https://access.redhat.com/security/cve/cve-2018-1000665

* https://snyk.io/vuln/npm:dojo:20180818