Browse all 3 CVE security advisories affecting Dojo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dojo is a JavaScript framework primarily used for building web applications with rich interactive interfaces. Historically, it has been susceptible to various vulnerability classes including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws. The framework's security record shows three CVEs, with notable issues including improper input validation leading to XSS and insecure deserialization enabling RCE. While no major public security incidents have been widely reported, the CVE history indicates consistent challenges in input handling and component security, requiring developers to implement proper validation and sanitization when using Dojo in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-4051 | XSS in Dijit Editor's LinkDialog plugin — dijitCWE-79 | 3.7 | Low | 2020-06-15 |
| CVE-2020-5258 | Prototype pollution in dojo — dojoCWE-94 | 7.7 | High | 2020-03-10 |
| CVE-2020-5259 | Prototype Pollution in Dojox — dojoxCWE-94 | 7.7 | High | 2020-03-10 |
This page lists every published CVE security advisory associated with Dojo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.