CVE-2010-2276
First published: Tue Jun 15 2010(Updated: )
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dojo Toolkit | =1.2.1 | |
| Dojo Toolkit | =1.1 | |
| Dojo Toolkit | =0.4.3 | |
| Dojo Toolkit | =1.3.2 | |
| Dojo Toolkit | =0.4.0 | |
| Dojo Toolkit | =0.4.1 | |
| Dojo Toolkit | =1.0.1 | |
| Dojo Toolkit | =1.2.3 | |
| Dojo Toolkit | =1.0 | |
| Dojo Toolkit | =1.3.1 | |
| Dojo Toolkit | =1.0.2 | |
| Dojo Toolkit | =1.1.1 | |
| Dojo Toolkit | =1.3 | |
| Dojo Toolkit | =1.4.1 | |
| Dojo Toolkit | =0.4.2 | |
| Dojo Toolkit | =1.2.2 | |
| Dojo Toolkit | =1.2 | |
| Dojo Toolkit | =1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833
- http://secunia.com/advisories/38964
- http://secunia.com/advisories/40007
- http://www.vupen.com/english/advisories/2010/1281
Frequently Asked Questions
What is the severity of CVE-2010-2276?
CVE-2010-2276 has a medium severity rating due to its impact on the default configuration of the Dojo Toolkit.
How do I fix CVE-2010-2276?
To fix CVE-2010-2276, update the Dojo Toolkit to a version later than 0.4.4, 1.0.3, 1.1.2, 1.2.4, 1.3.3, or 1.4.2.
What versions are affected by CVE-2010-2276?
CVE-2010-2276 affects versions of the Dojo Toolkit from 0.4.x to 1.4.x prior to their respective fixed releases.
What type of impact can CVE-2010-2276 have?
CVE-2010-2276 can enable remote attackers to exploit the vulnerability, potentially allowing them to manipulate the affected system.
Is CVE-2010-2276 related to configuration settings in Dojo?
Yes, CVE-2010-2276 is related to the insecure default configuration settings of 'copyTests=true' and 'mini=false' in certain versions of Dojo.
- agent/first-publish-date
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/dojotoolkit
- canonical/dojo toolkit
- version/dojo toolkit/1.2.1
- version/dojo toolkit/1.1
- version/dojo toolkit/0.4.3
- version/dojo toolkit/1.3.2
- version/dojo toolkit/0.4.0
- version/dojo toolkit/0.4.1
- version/dojo toolkit/1.0.1
- version/dojo toolkit/1.2.3
- version/dojo toolkit/1.0
- version/dojo toolkit/1.3.1
- version/dojo toolkit/1.0.2
- version/dojo toolkit/1.1.1
- version/dojo toolkit/1.3
- version/dojo toolkit/1.4.1
- version/dojo toolkit/0.4.2
- version/dojo toolkit/1.2.2
- version/dojo toolkit/1.2
- version/dojo toolkit/1.4