Description
In affected versions of dojo, the deepCopy method is vulnerable to
prototype Pollution. An attacker could manipulate these attributes
to overwrite, or pollute, a JavaScript application object prototype
of the base object by injecting other values (CVE-2020-5258).
The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype
Pollution. An attacker could manipulate these attributes to overwrite, or
pollute, a JavaScript application object prototype of the base object by
injecting other values (CVE-2020-5259).