Dojo · Dojox · CVE-2020-5259
**Name of the Vulnerable Software and Affected Versions**
dojox versions prior to 1.11.10
dojox versions prior to 1.12.8
dojox versions prior to 1.13.7
dojox versions prior to 1.14.6
dojox versions prior to 1.15.3
dojox versions prior to 1.16.2
**Description**
The `jqMix` method in the dojox library is vulnerable to Prototype Pollution: the ability to inject properties into the prototypes of existing JavaScript language constructs, such as objects. By injecting values of their own, an attacker can overwrite, or pollute, the prototype of the base object that a JavaScript application's objects inherit from.
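The pattern described above, shown as a generic recursive mixin next to a hardened version. This is an added example, not dojox's `jqMix` source and not the project's fix; `unsafeMix`, `safeMix`, `demo` and the sample payload are hypothetical names and constructed input.

```javascript
// Added example: generic recursive mixins, not dojox's jqMix source.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Naive deep merge: walks every enumerable key, including "__proto__".
function unsafeMix(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isObj(val)) {
      if (!isObj(target[key])) target[key] = {};
      unsafeMix(target[key], val); // target["__proto__"] is Object.prototype
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-reaching keys skipped, and
// recursion only into objects the target itself owns.
function safeMix(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isObj(val)) {
      if (!hasOwn(target, key) || !isObj(target[key])) target[key] = {};
      safeMix(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs both merges on constructed input and reports whether a fresh object
// inherited the injected property.
function demo() {
  // JSON.parse creates "__proto__" as an own, enumerable key.
  const payload = JSON.parse('{"theme":{"color":"red"},"__proto__":{"polluted":true}}');
  const merged = safeMix({}, payload);
  const afterSafe = ({}).polluted;
  unsafeMix({}, payload);
  const afterUnsafe = ({}).polluted;
  delete Object.prototype.polluted; // undo the pollution
  return { color: merged.theme.color, afterSafe, afterUnsafe };
}

console.log(demo());
```

The same key filter is a reasonable guard in application code that merges untrusted JSON, whichever library performs the merge.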
**Recommendations**
For dojox versions prior to 1.11.10, update to version 1.11.10 or later.
For dojox versions prior to 1.12.8, update to version 1.12.8 or later.
For dojox versions prior to 1.13.7, update to version 1.13.7 or later.
For dojox versions prior to 1.14.6, update to version 1.14.6 or later.
For dojox versions prior to 1.15.3, update to version 1.15.3 or later.
For dojox versions prior to 1.16.2, update to version 1.16.2 or later.
As a temporary workaround, consider disabling the `jqMix` method until a patch is available.