MGASA-2023-0039 - Updated dojo packages fix security vulnerability Publication date: 07 Feb 2023 URL: https://advisories.mageia.org/MGASA-2023-0039.html Type: security Affected Mageia releases: 8 CVE: CVE-2020-4051, CVE-2021-23450 Dijit Editor's LinkDialog plugin of dojo 1.14.0 to 1.14.7 is vulnerable to cross-site scripting (XSS) attacks. (CVE-2020-4051) Prototype pollution vulnerability via the setObject() function. (CVE-2021-23450) References: - https://bugs.mageia.org/show_bug.cgi?id=31491 - https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 - https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4051 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23450 SRPMS: - 8/core/dojo-1.16.5-1.mga8