It was discovered that Dojo did not correctly handle DataGrids. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-15494)
It was discovered that Dojo was vulnerable to prototype pollution. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-23450)
Jonathan Leitschuh discovered that Dojo did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-10785, CVE-2020-4051)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libjs-dojo-core", "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1" }, { "binary_name": "libjs-dojo-dijit", "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1" }, { "binary_name": "libjs-dojo-dojox", "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libjs-dojo-core", "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1" }, { "binary_name": "libjs-dojo-dijit", "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1" }, { "binary_name": "libjs-dojo-dojox", "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1" }, { "binary_name": "shrinksafe", "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libjs-dojo-core", "binary_version": "1.15.4+dfsg1-1ubuntu0.1" }, { "binary_name": "libjs-dojo-dijit", "binary_version": "1.15.4+dfsg1-1ubuntu0.1" }, { "binary_name": "libjs-dojo-dojox", "binary_version": "1.15.4+dfsg1-1ubuntu0.1" }, { "binary_name": "shrinksafe", "binary_version": "1.15.4+dfsg1-1ubuntu0.1" } ] }