CVE-2010-2276

2022-10-0316:21:10

Debian Security Bug Tracker

security-tracker.debian.org

dojo

default configuration

vulnerability

build process

remote attackers

unspecified impact

unix

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.2%

JSON

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.

OSVersionArchitecturePackageVersionFilename
Debian12alldojo< 1.17.2+dfsg1-2.1dojo_1.17.2+dfsg1-2.1_all.deb
Debian11alldojo< 1.15.4+dfsg1-1+deb11u1dojo_1.15.4+dfsg1-1+deb11u1_all.deb
Debian10alldojo< 1.14.2+dfsg1-1+deb10u2dojo_1.14.2+dfsg1-1+deb10u2_all.deb
Debian999alldojo< 1.17.2+dfsg1-2.1dojo_1.17.2+dfsg1-2.1_all.deb
Debian13alldojo< 1.17.2+dfsg1-2.1dojo_1.17.2+dfsg1-2.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	dojo	< 1.17.2+dfsg1-2.1	dojo_1.17.2+dfsg1-2.1_all.deb
Debian	11	all	dojo	< 1.15.4+dfsg1-1+deb11u1	dojo_1.15.4+dfsg1-1+deb11u1_all.deb
Debian	10	all	dojo	< 1.14.2+dfsg1-1+deb10u2	dojo_1.14.2+dfsg1-1+deb10u2_all.deb
Debian	999	all	dojo	< 1.17.2+dfsg1-2.1	dojo_1.17.2+dfsg1-2.1_all.deb
Debian	13	all	dojo	< 1.17.2+dfsg1-2.1	dojo_1.17.2+dfsg1-2.1_all.deb