CVE-2018-20677

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20677

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20677.json

Aliases

GHSA-ph58-4vrj-w6hr

Related

ALSA-2020:4670
RLSA-2020:4670

Published

2019-01-09T05:29:01Z

Modified

2023-11-29T06:19:09.876763Z

Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

References

https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
https://github.com/twbs/bootstrap/issues/27045
https://github.com/twbs/bootstrap/pull/27047
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://www.tenable.com/security/tns-2021-14

Affected packages

Git / github.com/twbs/bootstrap

Affected ranges

Type: GIT
Repo: https://github.com/twbs/bootstrap
Events: Introduced

0The exact introduced commit is unknown

Fixed

4c547f2175b9a05aa43551f6927da83fe249ce42

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.2.0

v1.3.0

v1.4.0

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.1.0

v2.1.1

v2.2.0

v2.2.2

v2.3.0

v2.3.1

v3.*

v3.0.0

v3.0.0-rc.2

v3.0.0-rc1

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v3.1.1

v3.2.0

v3.3.0

v3.3.1

v3.3.2

v3.3.4

v3.3.5

v3.3.6

v3.3.7