CVE-2010-2274
Dojo Open Redirect vulnerability
EPSS 0.96%
Description
Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.
How to fix CVE-2010-2274
To remediate CVE-2010-2274, upgrade the affected package to one of the fixed versions listed below.
- Upgrade to 1.4.2+dfsg-1 or later
- Upgrade to 1.0.3 or later
Is CVE-2010-2274 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.2+dfsg-1
- >= 1.0.0, < 1.0.3