USN-7569-1

Source
https://ubuntu.com/security/notices/USN-7569-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7569-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7569-1
Related
Published
2025-06-16T02:55:56.290850Z
Modified
2025-06-16T02:55:56.290850Z
Summary
dojo vulnerabilities
Details

It was discovered that Dojo did not correctly handle DataGrids. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-15494)

It was discovered that Dojo was vulnerable to prototype pollution. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-23450)

Jonathan Leitschuh discovered that Dojo did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-10785, CVE-2020-4051)

References

Affected packages

Ubuntu:Pro:16.04:LTS / dojo

Package

Name
dojo
Purl
pkg:deb/ubuntu/dojo@1.10.4+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.10.4+dfsg-2ubuntu0.1~esm1

Affected versions

1.*

1.10.4+dfsg-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libjs-dojo-core",
            "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "libjs-dojo-dijit",
            "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "libjs-dojo-dojox",
            "binary_version": "1.10.4+dfsg-2ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / dojo

Package

Name
dojo
Purl
pkg:deb/ubuntu/dojo@1.15.0+dfsg1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.15.0+dfsg1-1ubuntu0.1~esm1

Affected versions

1.*

1.14.2+dfsg1-1
1.15.0+dfsg1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libjs-dojo-core",
            "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libjs-dojo-dijit",
            "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libjs-dojo-dojox",
            "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "shrinksafe",
            "binary_version": "1.15.0+dfsg1-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:22.04:LTS / dojo

Package

Name
dojo
Purl
pkg:deb/ubuntu/dojo@1.15.4+dfsg1-1ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.15.4+dfsg1-1ubuntu0.1

Affected versions

1.*

1.15.4+dfsg1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libjs-dojo-core",
            "binary_version": "1.15.4+dfsg1-1ubuntu0.1"
        },
        {
            "binary_name": "libjs-dojo-dijit",
            "binary_version": "1.15.4+dfsg1-1ubuntu0.1"
        },
        {
            "binary_name": "libjs-dojo-dojox",
            "binary_version": "1.15.4+dfsg1-1ubuntu0.1"
        },
        {
            "binary_name": "shrinksafe",
            "binary_version": "1.15.4+dfsg1-1ubuntu0.1"
        }
    ]
}