QID 981589: Nodejs (npm) Security Update for dojox (GHSA-pg97-ww7h-5mjr)
A security update has been released for dojox to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
_What kind of vulnerability is it? Who is impacted?_
Potential XSS vulnerability for users of `dojox/xmpp` and `dojox/dtl`.
Solution
_Has the problem been patched? What versions should users upgrade to?_
Yes, patches are available for the 1.11 through 1.16 versions. Users should upgrade to one of these versions of Dojo:
* 1.16.1
* 1.15.2
* 1.14.5
* 1.13.6
* 1.12.7
* 1.11.9
Users of Dojo 1.10.x and earlier should review this change and determine if it impacts them, and backport the change as appropriate.
Workaround
_Is there a way for users to fix or remediate the vulnerability without upgrading?_
The change applied in https://github.com/dojo/dojox/pull/315 could get added separately as a patch.
Vendor References
- GHSA-pg97-ww7h-5mjr - github.com/advisories/GHSA-pg97-ww7h-5mjr
CVEs related to QID 981589
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-pg97-ww7h-5mjr | dojox | | |