Bug 49535 - dojo 1.12.1: multiple issues (4.4)
Status: RESOLVED DUPLICATE of bug 48963
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
Other Linux
: P5 normal
: UCS 5.0
Assigned To: Florian Best
Johannes Keiser
Depends on: 42291
Blocks: 49536
Reported: 2019-05-23 17:56 CEST by Arvid Requate
Modified: 2020-09-22 10:02 CEST

What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
Bug group (optional): Security
Max CVSS v3 score: 7.5 - 8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N)


Description Arvid Requate univentionstaff 2019-05-23 17:56:42 CEST
The snyk npm monitor currently shows these vulnerabilities for the dojo toolkit:

* unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494)

* https://security-tracker.debian.org/tracker/CVE-2018-1000665

* https://snyk.io/vuln/npm:dojo:20180818
Comment 1 Florian Best univentionstaff 2020-09-22 10:02:23 CEST

*** This bug has been marked as a duplicate of bug 48963 ***