[Pkg-javascript-devel] Bug#906540: dojo: CVE-2018-15494
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 18 09:45:44 BST 2018
Source: dojo
Version: 1.13.0+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/dojo/dojox/pull/283
Hi,
The following vulnerability was published for dojo.
CVE-2018-15494[0]:
| In Dojo Toolkit before 1.14, there is unescaped string injection in
| dojox/Grid/DataGrid.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-15494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15494
[1] https://github.com/dojo/dojox/pull/283
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list