CVE-2010-2276: Critical severity Dojotoolkit Dojo vulnerability
The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact via a request to a (1) test or (2) demo component.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2010-2276?
CVE-2010-2276 has a medium severity rating due to its impact on the default configuration of the Dojo Toolkit.
How do I fix CVE-2010-2276?
To fix CVE-2010-2276, update the Dojo Toolkit to a version later than 0.4.4, 1.0.3, 1.1.2, 1.2.4, 1.3.3, or 1.4.2.
What versions are affected by CVE-2010-2276?
CVE-2010-2276 affects versions of the Dojo Toolkit from 0.4.x to 1.4.x prior to their respective fixed releases.
What type of impact can CVE-2010-2276 have?
CVE-2010-2276 can enable remote attackers to exploit the vulnerability, potentially allowing them to manipulate the affected system.
Is CVE-2010-2276 related to configuration settings in Dojo?
Yes, CVE-2010-2276 is related to the insecure default configuration settings of 'copyTests=true' and 'mini=false' in certain versions of Dojo.