Vulnerability Details CVE-2010-2276
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.3%
CVSS Severity
CVSS v2 Score 10.0
References
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
- http://secunia.com/advisories/38964
- http://secunia.com/advisories/40007
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
- http://www.vupen.com/english/advisories/2010/1281
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
- http://secunia.com/advisories/38964
- http://secunia.com/advisories/40007
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
- http://www.vupen.com/english/advisories/2010/1281
Products affected by CVE-2010-2276
-
cpe:2.3:a:dojotoolkit:dojo:0.4.0
-
cpe:2.3:a:dojotoolkit:dojo:0.4.1
-
cpe:2.3:a:dojotoolkit:dojo:0.4.2
-
cpe:2.3:a:dojotoolkit:dojo:0.4.3
-
cpe:2.3:a:dojotoolkit:dojo:1.0
-
cpe:2.3:a:dojotoolkit:dojo:1.0.1
-
cpe:2.3:a:dojotoolkit:dojo:1.0.2
-
cpe:2.3:a:dojotoolkit:dojo:1.1
-
cpe:2.3:a:dojotoolkit:dojo:1.1.1
-
cpe:2.3:a:dojotoolkit:dojo:1.2
-
cpe:2.3:a:dojotoolkit:dojo:1.2.1
-
cpe:2.3:a:dojotoolkit:dojo:1.2.2
-
cpe:2.3:a:dojotoolkit:dojo:1.2.3
-
cpe:2.3:a:dojotoolkit:dojo:1.3
-
cpe:2.3:a:dojotoolkit:dojo:1.3.1
-
cpe:2.3:a:dojotoolkit:dojo:1.3.2
-
cpe:2.3:a:dojotoolkit:dojo:1.4
-
cpe:2.3:a:dojotoolkit:dojo:1.4.1