GHSA-mw6q-98mp-g8g8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mw6q-98mp-g8g8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-mw6q-98mp-g8g8/GHSA-mw6q-98mp-g8g8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mw6q-98mp-g8g8
- Aliases
- Published
- 2021-11-08T17:54:46Z
- Modified
- 2025-01-14T09:12:06.380320Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Cross-site Scripting in bootstrap-table
- Details
-
This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
- Database specific
{ "cwe_ids": [ "CWE-79", "CWE-843" ], "severity": "LOW", "nvd_published_at": "2021-11-03T18:15:00Z", "github_reviewed_at": "2021-11-04T17:00:48Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-23472
- https://github.com/wenzhixin/bootstrap-table
- https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218
- https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597
Affected packages
npm / bootstrap-table
Package
- Name
- bootstrap-table
- View open source insights on deps.dev
- Purl
- pkg:npm/bootstrap-table