[MAVEN:GHSA-MMJH-45VJ-HFVF] Dojo Open Redirect vulnerability

Severity Moderate
Affected Packages 5
Fixed Packages 5
CVEs 1

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

| Package | Affected Version |
| --- | --- |
| pkg:maven/org.dojotoolkit/dojo | >= 1.4.0, < 1.4.2 |
| pkg:maven/org.dojotoolkit/dojo | >= 1.3.0, < 1.3.3 |
| pkg:maven/org.dojotoolkit/dojo | >= 1.2.0, < 1.2.4 |
| pkg:maven/org.dojotoolkit/dojo | >= 1.1.0, < 1.1.2 |
| pkg:maven/org.dojotoolkit/dojo | >= 1.0.0, < 1.0.3 |

ID: MAVEN:GHSA-MMJH-45VJ-HFVF
Severity: moderate
URL: https://github.com/advisories/GHSA-mmjh-45vj-hfvf
Published: 2022-05-17T05:50:10
Modified: 2024-02-08T15:49:13
Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.4.0 < 1.4.2 | | | |
| Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.4.2 | | | |
| Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.3.0 < 1.3.3 | | | |
| Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.3.3 | | | |
| Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.2.0 < 1.2.4 | | | |
| Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.2.4 | | | |
| Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.1.0 < 1.1.2 | | | |
| Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.1.2 | | | |
| Affected | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | >= 1.0.0 < 1.0.3 | | | |
| Fixed | pkg:maven/org.dojotoolkit/dojo | org.dojotoolkit | dojo | = 1.0.3 | | | |