CVE-2010-2276: Dojo vulnerability

CWE-16 | 4 documents | 4 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 2.6% (top 14.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 15
Latest update: May 17

Description

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: dojotoolkit/dojo (18 versions)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-4qwq-p6pf-j85h: The default configuration of the build process in Dojo 0 (2022-05-17)
CVEList: CVE-2010-2276: The default configuration of the build process in Dojo 0 (2010-06-14)

📋 Vendor Advisories (1)

Debian: CVE-2010-2276: dojo - The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x... (2010)
CVE-2010-2276 — Dojotoolkit Dojo vulnerability | cvebase