| Name | CVE-2010-2276 |
| Description | The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| dojo (PTS) | jessie, jessie (lts) | 1.10.2+dfsg-1+deb8u4 | fixed |
| buster (security), buster, buster (lts) | 1.14.2+dfsg1-1+deb10u3 | fixed | |
| bullseye | 1.15.4+dfsg1-1+deb11u1 | fixed | |
| sid, trixie, bookworm | 1.17.2+dfsg1-2.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dojo | source | (unstable) | (not affected) |
- dojo <not-affected> (Doesn't affect the Debian packaging)