CVE-2018-15494: Improper Encoding or Escaping of Output

October 15, 2018 (updated September 3, 2021)

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

References

dojotoolkit.org/blog/dojo-1-14-released
github.com/advisories/GHSA-84cm-x2q5-8225
github.com/dojo/dojox/pull/283
lists.debian.org/debian-lts-announce/2018/09/msg00002.html
nvd.nist.gov/vuln/detail/CVE-2018-15494

Code Behaviors & Features

Detect and mitigate CVE-2018-15494 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →