
Mageia 7 MGASA-2020-0232 Moderate: Dojo Prototype Pollution Fixes

May 27, 2020
New dojo libraries update resolves potential prototype pollution security issues in Mageia; see advisory MGASA-2020-0232.

Summary

Updated dojo package fixes security vulnerabilities:
In affected versions of dojo, the deepCopy method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5258).
The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5259).
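
The bug class behind both CVEs, shown as an added example that is not Dojo's deepCopy or jqMix source: a generic recursive copy that follows a `__proto__` key next to a hardened variant that skips prototype-related keys. The function names, the blocked-key list and the sample JSON are assumptions made for illustration.

```javascript
// Added illustration of the bug class; this is not Dojo's deepCopy or jqMix source.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// "Before": recurses into whatever target[key] resolves to, including the
// inherited __proto__ accessor, which returns Object.prototype.
function unsafeDeepCopy(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      unsafeDeepCopy(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// "After": skips prototype-related keys and only recurses into own properties.
function safeDeepCopy(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObject(target[key])) target[key] = {};
      safeDeepCopy(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input: JSON.parse makes "__proto__" an ordinary own key.
const SAMPLE = '{"name":"widget","opts":{"a":1},"__proto__":{"polluted":true}}';

function checkPollution(copyFn) {
  const out = copyFn({}, JSON.parse(SAMPLE));
  const polluted = ({}).polluted === true; // did an unrelated object inherit it?
  delete Object.prototype.polluted;        // restore global state
  return { polluted, name: out.name, a: out.opts.a };
}

console.log("unsafe:", checkPollution(unsafeDeepCopy));
console.log("safe:  ", checkPollution(safeDeepCopy));
```

`checkPollution` can be pointed at any merge or copy helper in an application to confirm it ignores prototype-related keys after the package update.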

References

- https://bugs.mageia.org/show_bug.cgi?id=26335

- https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html

- https://www.cve.org/CVERecord?id=CVE-2020-5258

- https://www.cve.org/CVERecord?id=CVE-2020-5259

Resolution

SRPMS

- 7/core/dojo-1.14.6-1.mga7

Severity
important

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0232.html
Type: security
CVE: CVE-2020-5258, CVE-2020-5259
