GHSA-W5MJ-J45Q-M638 ZendFramework1 Potential Security Issues in Bundled Dojo Library
In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several file...
ZendFramework1 Potential Security Issues in Bundled Dojo Library
In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several file...
Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty...
Security Bulletin: Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2019-10785, CVE-2020-5259, CVE-2020-4051, CVE-2018-15494, CVE-2021-23450)
Summary Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. SKLM/GKLM has addressed the issues by releasing a fix. Vulnerability Details CVEID:CVE-2019-10785 DESCRIPTION: Dojox is vulnerable to cross-site...
Security Bulletin: IBM WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management
Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By...
Security Bulletin: IBM WebSphere Application Server Patterns is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Performance Management products (CVE-2021-23450)
Summary There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the adminCenter-1.0 feature enabled that allows arbitrary code to be executed in the browser. The...
Security Bulletin: Security vulnerability in WebSphere Application Server shipped with Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises (CVE-2021-23450)
Summary IBM WebSphere Application Server is shipped with IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises. IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo CVE-2021-23450. Vulnerability Details Refer to the security bulletin...
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the adminCenter-1.0 feature enabled that allows arbitrary code to be executed in the browser. This has been...
Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty with the adminCenter-1.0 feature enabled that allows arbitrary code to be executed in the browser. This has been...
UBUNTU-CVE-2021-23450
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function...
PT-2021-7298 · Dojo +3
Name of the Vulnerable Software and Affected Versions: dojo versions all Description: The issue is related to the incorrect management of code generation in the dojo library's setObject function. This can allow a remote attacker to execute arbitrary code. The vulnerability is associated with...
Vulnerability fixed in IBM WebSphere
A vulnerability has been fixed in the Dojo library used by WebSphere Application Server. By exploiting this vulnerability, a remote malicious person may be able to inject arbitrary code onto the system. IBM has released updates to fix the vulnerabilities. More information can be found on the...
Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)
Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By...
Security Bulletin: A security vulnerability ( CVE-2020-5258 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights
Summary WebSphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2020-5258 related to the used Dojo library has been published in a security bulletin. Vulnerability Details Refer to...
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable in Dojo affects WebSphere Application Server (CVE-2020-5258)
Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz for Service...
Security Bulletin: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)
Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server is vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)
Summary There is a vulnerability in the Dojo library used by WebSphere Application Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential code injection vulnerability (CVE-2020-5268)
Summary The third party Dojo library could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base...