
Test ID: 1.3.6.1.4.1.25623.1.0.892139
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for dojo (DLA-2139-1)
Summary: The remote host is missing an update for the 'dojo' package(s) announced via the DLA-2139-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'dojo'
package(s) announced via the DLA-2139-1 advisory.

Vulnerability Insight:
The following CVEs were reported against dojo:

CVE-2020-5258

In affected versions of dojo, the deepCopy method is vulnerable
to Prototype Pollution. An attacker could manipulate these
attributes to overwrite, or pollute, a JavaScript application object
prototype of the base object by injecting other values.

CVE-2020-5259

The Dojox jQuery wrapper jqMix mixin method is vulnerable to
Prototype Pollution. An attacker could manipulate these attributes
to overwrite, or pollute, a JavaScript application object prototype
of the base object by injecting other values.

Affected Software/OS:
'dojo' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1.10.2+dfsg-1+deb8u3.

We recommend that you upgrade your dojo packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-5258
https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html
https://lists.apache.org/thread.html/rf481b3f25f05c52ba4e24991a941c1a6e88d281c6c9360a806554d00@%3Cusers.qpid.apache.org%3E
https://lists.apache.org/thread.html/r3638722360d7ae95f874280518b8d987d799a76df7a9cd78eac33a1b@%3Cusers.qpid.apache.org%3E
https://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3@%3Cusers.qpid.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2020-5259
https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
Copyright: Copyright (C) 2020 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.