In dojo the deepCopy method is vulnerable to prototype pollution which could result in code injection.
Created dojo tracking bugs for this issue:
Affects: epel-all [bug 1812405]
Versions of dojo older than 1.8 do not support `deepCopy`, and thus are not affected by this issue.
Upstream fix : https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):