dojo

npm5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting dojopage 1 of 1

CVE-2008-6681NONECVSS 0.0EG 0.0✓ Fixed in 1.1.0
2009-04-09
Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.
CVE-2010-2273NONECVSS 0.0EG 0.0✓ Fixed in 1.10.10
2010-06-15
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecifie…
CVE-2015-5654NONECVSS 0.0EG 0.0✓ Fixed in 1.9.1
2015-10-11
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5258HIGHCVSS 7.7EG 7.7✓ Fixed in 1.16.2
2020-03-10
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. A…
CVE-2021-23450HIGHCVSS 7.5EG 7.5
2021-12-17
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Check whether dojo is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for dojo CVEs against the assets you own.

Start Free Scan →