VDB

GCVE-110-MAGEIA-2020-232

GCVE-110-MAGEIA-2020-232
Advisory Published
Vulnetix · Advisory published May 27, 2020
Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5258). The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values (CVE-2020-5259).

Affected Products

VendorProductVersionsPlatforms
Mageiadojo0 (affected), 1.14.6-1.mga7 (unaffected), 1.14.6-1.mga7 (unaffected), 0 (affected)
Mageianextcloud-client0 (affected), 3.0.3-1.mga7 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›