漏洞信息详情
Dojo Toolkit 安全漏洞
- CNNVD编号:CNNVD-201808-530
- 危害等级: 超危
- CVE编号: CVE-2018-15494
- 漏洞类型: 其他
- 发布时间: 2018-08-20
- 威胁类型: 远程
- 更新时间: 2022-07-06
- 厂 商: debian
- 漏洞来源:
漏洞简介
Dojo Toolkit是Dojo(DOJO)基金会的一个用Javascript语言实现的开源DHTML工具包。该工具包易于建立互动的用户界面,Dojo的扩展包能够使用户的代码更容易维护,耦合性更低等。
Dojo Toolkit 1.14之前版本中存在安全漏洞。攻击者可利用该漏洞注入未转义的字符串。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/dojo/dojox/pull/283
参考网址
来源:MISC
链接:https://github.com/dojo/dojox/pull/283
来源:MISC
链接:https://dojotoolkit.org/blog/dojo-1-14-released
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2018/09/msg00002.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10795512
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10795524
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10795518
来源:www.ibm.com
链接:https://www.ibm.com/support/docview.wss?uid=ibm10795504
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10880775
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6519476
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2916.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2889/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2916/
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10795524
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4745/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-JQuery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10879407
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-JQuery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10795504
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-libraries-affects-tivoli-netcool-omnibus-webgui/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6487095
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dojo-toolkit-affecting-watson-knowlEdge-catalog-for-ibm-cloud-pak-for-data/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6509624
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/security-bulletin-financial-transaction-manager-corporate-payment-services-affected-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2380/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6513735
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-the-ibm-security-verify-access-docker-container/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1135173
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022070505
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/79958
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3485/
受影响实体
- Debian Debian_linux:8.0
补丁
- Dojo Toolkit 安全漏洞的修复措施
评论