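Vulnerability details
dojo code injection vulnerability
Vulnerability summary
dojo is a JavaScript toolkit that includes utilities, UI components and more.
The deepCopy method in dojo contains a code injection vulnerability. An attacker can exploit it to overwrite or pollute the JavaScript application object prototype of base objects. The following products and versions are affected: dojo versions before 1.12.8, 1.13.0 and later (fixed in 1.13.7), 1.14.0 and later (fixed in 1.14.6), 1.15.0 and later (fixed in 1.15.3), 1.16.0 and later (fixed in 1.16.2).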
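The class of bug described above, shown as an added example that is not dojo's source code: a simplified recursive copy that pollutes Object.prototype, next to a hardened form. The function names, the blocked-key list and the sample JSON are assumptions made for illustration.

```javascript
'use strict';
// Added illustration, not dojo's source. Function names are hypothetical.

// Vulnerable pattern: walks every enumerable key, so a "__proto__" key in
// the source makes target[name] resolve to Object.prototype and recurse into it.
function deepCopyUnsafe(target, source) {
  for (const name in source) {
    const tval = target[name];
    const sval = source[name];
    if (tval && typeof tval === 'object' && sval && typeof sval === 'object') {
      deepCopyUnsafe(tval, sval);
    } else {
      target[name] = sval;
    }
  }
  return target;
}

// Hardened pattern: own keys only, prototype-reaching keys skipped, and
// recursion only into objects the target itself owns.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function deepCopySafe(target, source) {
  for (const name of Object.keys(source)) {
    if (BLOCKED_KEYS.has(name)) continue;
    const sval = source[name];
    if (sval && typeof sval === 'object' && !Array.isArray(sval)) {
      const own = Object.prototype.hasOwnProperty.call(target, name);
      const tval = own && target[name] && typeof target[name] === 'object' ? target[name] : {};
      target[name] = deepCopySafe(tval, sval);
    } else {
      target[name] = sval;
    }
  }
  return target;
}

// Constructed input: JSON.parse creates "__proto__" as an own, enumerable key.
function demo() {
  const untrusted = JSON.parse('{"__proto__": {"polluted": true}, "opts": {"name": "x"}}');
  deepCopyUnsafe({}, untrusted);
  const afterUnsafe = ({}).polluted;      // inherited by every object now
  delete Object.prototype.polluted;       // undo the pollution
  const copy = deepCopySafe({}, untrusted);
  const afterSafe = ({}).polluted;
  return { afterUnsafe, afterSafe, copy };
}

console.log(demo());
```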
Vulnerability announcement
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at:
https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
References
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html
Source: MLIST
Link: https://lists.apache.org/thread.html/rf481b3f25f05c52ba4e24991a941c1a6e88d281c6c9360a806554d00@%3Cusers.qpid.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.html/r3638722360d7ae95f874280518b8d987d799a76df7a9cd78eac33a1b@%3Cusers.qpid.apache.org%3E
Source: CONFIRM
Link: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
Source: N/A
Link: https://www.oracle.com//security-alerts/cpujul2021.html
Source: MISC
Link: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
Source: MLIST
Link: https://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3@%3Cusers.qpid.apache.org%3E
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: MISC
Link: https://www.oracle.com/security-alerts/cpujul2020.html
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujul2020.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072142
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6455281
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-multiple-vulnerabilities-in-dojo/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-elastic-storage-system-cve-2020-5258/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-affects-websphere-application-server-cve-2020-5258-3/
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-may-affect-cram-social-program-management-cve-2020-5258/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0877/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-digital-payments-for-redhat-openshift-cve-2020-5258/
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/dojo-memory-corruption-via-Prototype-Pollution-31771
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-a-prototype-pollution-vulnerability/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-ibm-dojo-toolkit-vulnerabilities-cve-2020-5258-cve-2020-5259/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1373
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021101937
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-affected-by-vulnerability-in-dojo-which-affects-content-collector-for-email/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujul2021.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6479341
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dojo-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-lks-administration-and-reporting-tool-and-its-agent/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-3/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-operations-center-cve-2020-5259-cve-2020-5258/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-affects-websphere-application-server-cve-2020-5258-2/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-financial-transaction-manager-for-redhat-openshift-cve-2020-5258/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-for-virtual-environments-cve-2020-5259-cve-2020-5258/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-affects-websphere-application-server-cve-2020-5258/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-application-server-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-3/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1811
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6497449
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-liberty-affects-ibm-wiotp-messagegateway-2/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6486351
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-5258
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-libraries-affects-tivoli-netcool-omnibus-webgui/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-pak-for-automation/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2020-5258/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1321
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-installed-websphere-application-server-2/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-code-injection-vulnerability-cve-2020-5268/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-collaboration-and-deployment-services-cve-2020-5258/
Affected entities
None listed
Patches
- Fix for the dojo injection vulnerability (2020-3-10)