The following CVEs were reported against dojo:
In affected versions of dojo, the deepCopy method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.
The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.
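The pattern behind both issues, as an added example that is not dojo's `deepCopy` or `jqMix` code: a hypothetical recursive merge (`naiveDeepMix`) that follows a `__proto__` key into `Object.prototype`, beside a hardened variant (`safeDeepMix`) that skips prototype-bearing keys. All function names and the sample input are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not dojo's deepCopy or jqMix source.
// Naive recursive merge: walks every key of source, including "__proto__".
function naiveDeepMix(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      // For key "__proto__", target[key] is Object.prototype itself.
      if (target[key] === null || typeof target[key] !== "object") target[key] = {};
      naiveDeepMix(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys through which a merge can reach a shared prototype object.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened merge: own keys only, blocked keys skipped, and recursion only
// into the target's own properties. Arrays are copied by reference.
function safeDeepMix(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const child = own !== null && typeof own === "object" ? own : {};
      target[key] = safeDeepMix(child, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const untrusted = JSON.parse('{"name": "widget", "__proto__": {"polluted": "yes"}}');
  naiveDeepMix({}, untrusted);
  const naivePolluted = ({}).polluted === "yes"; // unrelated object is affected
  delete Object.prototype.polluted; // reset before checking the hardened merge
  const merged = safeDeepMix({}, untrusted);
  const safePolluted = ({}).polluted !== undefined;
  return { naivePolluted, safePolluted, name: merged.name };
}
console.log(demo());
```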
For Debian 8 Jessie, these problems have been fixed in version 1.10.2+dfsg-1+deb8u3.
We recommend that you upgrade your dojo packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS