[MAVEN:GHSA-MMJH-45VJ-HFVF] Dojo Open Redirect vulnerability
Severity: Moderate
Affected Packages: 5
Fixed Packages: 5
CVEs: 1
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
Package | Affected Version |
---|---|
pkg:maven/org.dojotoolkit/dojo | >= 1.4.0, < 1.4.2 |
pkg:maven/org.dojotoolkit/dojo | >= 1.3.0, < 1.3.3 |
pkg:maven/org.dojotoolkit/dojo | >= 1.2.0, < 1.2.4 |
pkg:maven/org.dojotoolkit/dojo | >= 1.1.0, < 1.1.2 |
pkg:maven/org.dojotoolkit/dojo | >= 1.0.0, < 1.0.3 |
Package | Fixed Version |
---|---|
pkg:maven/org.dojotoolkit/dojo | = 1.4.2 |
pkg:maven/org.dojotoolkit/dojo | = 1.3.3 |
pkg:maven/org.dojotoolkit/dojo | = 1.2.4 |
pkg:maven/org.dojotoolkit/dojo | = 1.1.2 |
pkg:maven/org.dojotoolkit/dojo | = 1.0.3 |
- ID: MAVEN:GHSA-MMJH-45VJ-HFVF
- Severity: moderate
- URL: https://github.com/advisories/GHSA-mmjh-45vj-hfvf
- Published: 2022-05-17T05:50:10 (2 years ago)
- Modified: 2024-02-08T15:49:13 (7 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.4.0 < 1.4.2 | | | |
Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.4.2 | | | |
Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.3.0 < 1.3.3 | | | |
Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.3.3 | | | |
Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.2.0 < 1.2.4 | | | |
Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.2.4 | | | |
Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.1.0 < 1.1.2 | | | |
Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.1.2 | | | |
Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.0.0 < 1.0.3 | | | |
Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.0.3 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|