In dojo the deepCopy method is vulnerable to prototype pollution which could result in code injection. Upstream Reference:
Created dojo tracking bugs for this issue: Affects: epel-all [
….
Source link
[Bug 1812404] CVE-2020-5258 dojo: Prototype pollution in deepCopy method could result in code injection
RELATED STORIES
Security Advisory 1) Denial of service Severity: Low CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI] CVE-ID: CVE-2018-1000024 CWE-ID:...
1) Cross-site scripting Severity: Low CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI] CVE-ID: CVE-2018-0618 CWE-ID: CWE-79 – Improper...
This security advisory describes one low risk vulnerability. 1) Permissions, Privileges, and Access Controls Severity:...
This security advisory describes one low risk vulnerability. 1) Input validation error Severity: Low CVSSv3:...
This security advisory describes one low risk vulnerability. 1) Path traversal Severity: Low CVSSv3: 7.1...
This security advisory describes one low risk vulnerability. 1) Improper authorization Severity: Low CVSSv3: 5.3...
Mar 31, 2020 8:00 pm EDT
Categorized: High Severity Share this post: The...
Mar 31, 2020 8:01 pm EDT
Categorized: Medium Severity Share this post: jQuery...
Mar 31, 2020 8:01 pm EDT
Categorized: High Severity Share this post: The...
Mar 31, 2020 8:01 pm EDT
Categorized: High Severity Share this post: There...