PT-2020-5622 · Dojo · Dojox

Dylans · Published 2020-03-10 · Updated 2020-05-27 · CVE-2020-5259

CVSS v3.1: 7.7 High
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

dojox versions prior to 1.11.10
dojox versions prior to 1.12.8
dojox versions prior to 1.13.7
dojox versions prior to 1.14.6
dojox versions prior to 1.15.3
dojox versions prior to 1.16.2
Description

The issue concerns the jqMix method in the dojox library, which is vulnerable to Prototype Pollution. Prototype pollution is the ability to inject properties into the prototypes of existing JavaScript language constructs, such as Object. An attacker who controls the input that jqMix merges can add or overwrite properties on the application's base object prototype, so that every object inheriting from that prototype picks up the injected values.
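As an added illustration (this is not dojox code and not the jqMix implementation; the function names naiveMix, safeMix and isPrototypePolluted are hypothetical), the following shows a constructed recursive mixin with the defect class the description names, a hardened variant that refuses keys which reach the prototype chain, and a check that a test suite or health probe can run to detect that Object.prototype has been polluted. The input string is constructed for the example.

```javascript
// Added example, not dojox code. Names are hypothetical.

// Keys that, when copied by a recursive merge, resolve to Object.prototype
// (or to a constructor's prototype) instead of to an own property.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: copies every key of `source`, including "__proto__".
// On a plain target, target["__proto__"] resolves to Object.prototype, so the
// recursion writes the nested keys onto the shared prototype.
function naiveMix(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMix(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: skip prototype-reaching keys, and only recurse into an
// *own* plain-object property of the target, never into an inherited one.
function safeMix(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMix(target[key], src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Detection: has a property that no application code defines appeared as an
// own property of Object.prototype?
function isPrototypePolluted(probeKey) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, probeKey);
}

// Constructed untrusted input, as it would arrive from JSON.parse on a request body.
// JSON.parse creates "__proto__" as an ordinary own, enumerable property.
const UNTRUSTED_JSON = '{"name":"widget","__proto__":{"polluted":"yes"}}';

// Run one mixin over the constructed input and report whether the shared
// prototype was touched; the pollution is undone afterwards so the process
// stays clean for later checks.
function demo(mix) {
  const pollutedBefore = isPrototypePolluted('polluted');
  const result = mix({}, JSON.parse(UNTRUSTED_JSON));
  const pollutedAfter = isPrototypePolluted('polluted');
  delete Object.prototype.polluted;
  return { name: result.name, pollutedBefore, pollutedAfter };
}

console.log('naiveMix:', demo(naiveMix)); // pollutedAfter: true
console.log('safeMix :', demo(safeMix));  // pollutedAfter: false
```

The hardened merge keeps ordinary nested merging intact (a nested object on both sides is still combined key by key); it only refuses the three keys that would let a merge escape the target object, and it never descends into an inherited property. The `isPrototypePolluted` probe is the kind of assertion worth adding to a regression test for any mixin or deep-merge helper.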
Recommendations

For dojox versions prior to 1.11.10, update to version 1.11.10 or later.
For dojox versions prior to 1.12.8, update to version 1.12.8 or later.
For dojox versions prior to 1.13.7, update to version 1.13.7 or later.
For dojox versions prior to 1.14.6, update to version 1.14.6 or later.
For dojox versions prior to 1.15.3, update to version 1.15.3 or later.
For dojox versions prior to 1.16.2, update to version 1.16.2 or later.

As a temporary workaround, consider disabling the jqMix method until a patch is available.

Exploit

Fix

Code Injection

Special Elements Injection


Weakness Enumeration

Related Identifiers

BDU:2021-01322
CVE-2020-5259
DLA-2139-1
GHSA-3HW5-Q855-G6CW
MGASA-2020-0232

Affected Products

Dojox