CVE-2024-6531

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-6531
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6531.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6531
Aliases
Downstream
Withdrawn
2025-08-02T12:55:49.565626Z
Published
2024-07-11T18:15:06Z
Modified
2025-08-01T19:54:50.747469Z
Summary
[none]
Details

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

References

Affected packages

Debian:11 / twitter-bootstrap4

Package

Name
twitter-bootstrap4
Purl
pkg:deb/debian/twitter-bootstrap4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.5.2+dfsg1-8~deb11u2

Affected versions

4.*

4.5.2+dfsg1-7
4.5.2+dfsg1-8~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / twitter-bootstrap4

Package

Name
twitter-bootstrap4
Purl
pkg:deb/debian/twitter-bootstrap4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.1+dfsg1-4+deb12u1

Affected versions

4.*

4.6.1+dfsg1-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / twitter-bootstrap4

Package

Name
twitter-bootstrap4
Purl
pkg:deb/debian/twitter-bootstrap4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.1+dfsg1-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/twbs/bootstrap

Affected ranges

Type
GIT
Repo
https://github.com/twbs/bootstrap
Events

Affected versions

v4.*

v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.3.0
v4.3.1
v4.4.0
v4.4.1
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.6.0
v4.6.1
v4.6.2