Version 1.17.3
dojo
Dojo 1 - the Dojo 1 toolkit core library.
Install Instructions
npm install dojo
Current Version Release Date August 13, 2022
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/dojo@1.17.3
Find dojo vulnerabilities in your supply chain.
dojo Vulnerabilities
Sort by
CVE (Latest)
CVE (Latest)
-
CVE (Latest)
-
CVE (Oldest)
-
CVSS Score (Highest)
-
CVSS Score (Lowest)
CVE  |
CVSS Score |
CWE(s) |
EPSS Score |
EPSS % |
Impacted Versions |
|---|---|---|---|---|---|
| CVE-2010-2273 | Medium 4.3 | CWE-79 | 0.03572 | 0.91924 |
|
| CVE-2010-2276 | High 10 | CWE-16 | 0.01995 | 0.89299 |
|
| CVE-2018-1000665 | Medium 6.1 | CWE-79 | 0.00083 | 0.36956 |
|
| CVE-2018-15494 | High 9.8 | CWE-116 | 0.00524 | 0.77609 |
|
| CVE-2018-5673 | High 8.8 | CWE-352 | 0.00165 | 0.54375 |
|
| CVE-2020-5258 | High 7.7 | CWE-94, CWE-74, CWE-1321 | 0.00236 | 0.6245 |
|
| CVE-2021-23450 | High 9.8 | CWE-1321 | 0.00879 | 0.83125 |
|
dojo Vulnerability Remediation Guidance
| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | 1.11.0, 1.10.10, 1.12.1, 1.12.3, 1.12.6, 1.12.7, 1.13.4, 1.12.11 (Show all) | Minor → 1.17.0 |
| CVE-2020-5258 | In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 | 1.11.0, 1.10.10, 1.12.1, 1.12.3, 1.12.6, 1.12.7, 1.13.4, 1.13.5 (Show all) | Minor → 1.17.0 |
| CVE-2018-5673 | An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. | 1.11.0, 1.12.1, 1.12.3, 1.10.7, 1.10.1, 1.9.3, 1.9.2, 1.13.0 (Show all) | Minor → 1.17.0 |
| CVE-2018-15494 | In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | 1.11.0, 1.10.10, 1.12.1, 1.12.3, 1.12.6, 1.12.7, 1.13.4, 1.12.11 (Show all) | Minor → 1.17.0 |
| CVE-2018-1000665 | Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. | 1.11.0, 1.12.1, 1.12.3, 1.14.0-pre, 1.10.7, 1.10.1, 1.11.0-rc3, 1.9.3 (Show all) | Minor → 1.17.0 |
| CVE-2010-2276 | The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. | 1.11.0, 1.12.1, 1.12.3, 1.10.7, 1.10.1, 1.13.0, 1.10.3, 1.10.5 (Show all) | Minor → 1.17.0 |
| CVE-2010-2273 | Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html. | 1.11.0, 1.12.1, 1.12.3, 1.10.7, 1.10.1, 1.13.0, 1.10.3, 1.10.5 (Show all) | Minor → 1.17.0 |
Instantly see if these dojo vulnerabilities affect your code.