GHSA-4p24-vmcr-4gqj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4p24-vmcr-4gqj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4p24-vmcr-4gqj
- Aliases
- Published
- 2019-01-17T13:57:27Z
- Modified
- 2024-08-05T16:49:19.682083Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Bootstrap Cross-site Scripting vulnerability
- Details
-
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.
See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
- Database specific
{ "nvd_published_at": "2019-01-09T05:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:58:39Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-10735
- https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
- https://github.com/twbs/bootstrap/issues/20184
- https://github.com/twbs/bootstrap/pull/26460
- https://github.com/twbs/bootstrap/pull/23687
- https://github.com/twbs/bootstrap/pull/23679
- https://github.com/github/advisory-database/pull/3281
- https://github.com/twbs/bootstrap
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml
- https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
- https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
- https://access.redhat.com/errata/RHSA-2020:0133
- https://access.redhat.com/errata/RHSA-2020:0132
- https://access.redhat.com/errata/RHSA-2019:3023
- https://access.redhat.com/errata/RHSA-2019:1456
- https://access.redhat.com/errata/RHBA-2019:1570
- https://access.redhat.com/errata/RHBA-2019:1076
Affected packages
npm / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:npm/bootstrap
npm / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:npm/bootstrap
Maven / org.webjars:bootstrap
Package
- Name
- org.webjars:bootstrap
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars/bootstrap
Maven / org.webjars:bootstrap
Package
- Name
- org.webjars:bootstrap
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars/bootstrap
RubyGems / bootstrap
Package
- Name
- bootstrap
- Purl
- pkg:gem/bootstrap
Packagist / twbs/bootstrap
Package
- Name
- twbs/bootstrap
- Purl
- pkg:composer/twbs/bootstrap
Packagist / twbs/bootstrap
Package
- Name
- twbs/bootstrap
- Purl
- pkg:composer/twbs/bootstrap
NuGet / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:nuget/bootstrap
NuGet / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:nuget/bootstrap
npm / bootstrap-sass
Package
- Name
- bootstrap-sass
- View open source insights on deps.dev
- Purl
- pkg:npm/bootstrap-sass
RubyGems / bootstrap-sass
Package
- Name
- bootstrap-sass
- Purl
- pkg:gem/bootstrap-sass
Affected versions
2.*
2.0.4.0
2.0.4.1
2.0.4.2
2.1.0.0
2.1.0.1
2.1.1.0
2.2.1.0
2.2.1.1
2.2.2.0
2.3.0.0
2.3.0.1
2.3.1.0
2.3.1.2
2.3.1.3
2.3.2.0
2.3.2.1
2.3.2.2
3.*
3.0.0.0.rc
3.0.0.0.rc2
3.0.0.0
3.0.1.0.rc
3.0.1.0
3.0.2.0
3.0.2.1
3.0.3.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.1.0
3.1.1.1
3.2.0.4
3.3.0.0
3.3.0.1
3.3.1.0
3.3.2.0
3.3.2.1
3.3.3
3.3.4.1
3.3.5
3.3.5.1
3.3.6
3.3.7
NuGet / bootstrap.sass
Package
- Name
- bootstrap.sass
- View open source insights on deps.dev
- Purl
- pkg:nuget/bootstrap.sass