A JavaScript toolkit that saves you time and scales with your development process. Provides everything you need to build a Web app. Language utilities, UI components, and more, all in one place, designed to work together perfectly.
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2018-15494 - High Severity Vulnerability
Vulnerable Library - dojodojo-release-1.8.14
A JavaScript toolkit that saves you time and scales with your development process. Provides everything you need to build a Web app. Language utilities, UI components, and more, all in one place, designed to work together perfectly.
Library home page: https://download.dojotoolkit.org/?wsslib=dojo
Found in HEAD commit: c1798ead91d2e29638750ee4789402c3734b95ee
Found in base branch: master
Vulnerable Source Files (1)
_depth_0/EPiBootstrapArea/src/EPiBootstrapArea.Forms/modules/_protected/Shell/Shell/11.1.0.0/ClientResources/dojox/grid/_Builder.js
Vulnerability Details
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Publish Date: 2018-08-18
URL: CVE-2018-15494
CVSS 3 Score Details (9.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2018-08-18
Fix Resolution: 1.14.0
Step up your Open Source Security Game with WhiteSource here