Bug 49535 - dojo 1.12.1: multiple issues (4.4)
Summary: dojo 1.12.1: multiple issues (4.4)
Status: CLOSED DUPLICATE of bug 48963
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 5.0
Assignee: Florian Best
QA Contact: Johannes Keiser
URL: https://www.cvedetails.com/vulnerabil...
Keywords:
Depends on: 42291
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-23 17:56 CEST by Arvid Requate
Modified: 2021-05-25 16:00 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score: 7.5 - 8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2019-05-23 17:56:42 CEST 
The snyk npm monitor currently shows these vulnerabilities for the dojo toolkit:

* unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494)
  https://access.redhat.com/security/cve/cve-2018-15494

* https://security-tracker.debian.org/tracker/CVE-2018-1000665
  https://access.redhat.com/security/cve/cve-2018-1000665

* https://snyk.io/vuln/npm:dojo:20180818
Comment 1 Florian Best univentionstaff 2020-09-22 10:02:23 CEST 

*** This bug has been marked as a duplicate of bug 48963 ***
Comment 2 Johannes Keiser univentionstaff 2021-03-15 11:08:42 CET 
OK: duplicate
Comment 3 Florian Best univentionstaff 2021-05-25 16:00:05 CEST 
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".