CVE-2010-2274: Dojo Open Redirect vulnerability

May 17, 2022 (updated February 8, 2024)

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

References

dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
www-01.ibm.com/support/docview.wss?uid=swg21431472
www-1.ibm.com/support/docview.wss?uid=swg1LO50833
www-1.ibm.com/support/docview.wss?uid=swg1LO50849
www-1.ibm.com/support/docview.wss?uid=swg1LO50856
www-1.ibm.com/support/docview.wss?uid=swg1LO50896
www-1.ibm.com/support/docview.wss?uid=swg1LO50932
www-1.ibm.com/support/docview.wss?uid=swg1LO50958
www-1.ibm.com/support/docview.wss?uid=swg1LO50994
github.com/advisories/GHSA-mmjh-45vj-hfvf
nvd.nist.gov/vuln/detail/CVE-2010-2274
web.archive.org/web/20100617172214/http://secunia.com/advisories/40007
web.archive.org/web/20100629020444/http://secunia.com/advisories/38964

Code Behaviors & Features

Detect and mitigate CVE-2010-2274 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →