GHSA-vpqv-mqvc-pcx2

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-vpqv-mqvc-pcx2/GHSA-vpqv-mqvc-pcx2.json
Aliases
  • CVE-2014-4920
Published
2023-03-16T18:35:11Z
Modified
2023-03-16T18:41:33.691900Z
Details

The twitter-bootstrap-rails gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. The bootstrap_flash view helper builds the Bootstrap alert markup from the contents of the flash hash without HTML-escaping the message text, and returns the result marked as HTML-safe, so any markup contained in a flash message is rendered verbatim. In an application that copies request-controlled data into the flash (for example a notice that echoes a query parameter), a context-dependent attacker can craft a request whose flash message carries script that executes in the victim's browser session, within the trust relationship between that browser and the server. Applications that only ever set flash messages from fixed strings are not directly exposed, but every version of the gem before 3.2.0 ships the unescaping helper.
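
The following is an added example, not code from the gem or from this advisory: a reconstruction of the vulnerable helper shape beside a hardened one, runnable without Rails. The flash hash, the helper names (bootstrap_flash_vulnerable, bootstrap_flash_fixed, flash_from_params) and the app that copies a request parameter into flash[:notice] are all constructed for illustration; ERB::Util.html_escape stands in for the escaping that Rails' content_tag performs on non-html_safe strings.

```ruby
require "erb"

# Constructed attacker input: what a crafted request parameter might carry.
ATTACKER_MSG = "<script>alert(document.cookie)</script>".freeze

# Assumed application behaviour (illustrative, not the gem's code): a
# controller that does `flash[:notice] = params[:msg]`. This is what makes
# the bug *reflected* rather than merely stored in the session.
def flash_from_params(params)
  { notice: params["msg"] }
end

# Vulnerable shape (reconstruction, not the gem's exact source): the alert
# markup is assembled by string interpolation and returned as a whole,
# so `message` reaches the page with no HTML escaping. In Rails the helper
# additionally called .html_safe on the result, which suppressed the view's
# automatic escaping too.
def bootstrap_flash_vulnerable(flash)
  flash.map do |type, message|
    next if message.nil? || message.empty?
    type = :success if type == :notice
    type = :error   if type == :alert
    %(<div class="alert alert-#{type}"><a class="close" data-dismiss="alert">&#215;</a>#{message}</div>)
  end.compact.join("\n")
end

# Hardened shape: escape the message before embedding it. Rails' content_tag
# does this for any string that is not already html_safe; here
# ERB::Util.html_escape (stdlib) is used so the example runs without Rails.
def bootstrap_flash_fixed(flash)
  flash.map do |type, message|
    next if message.nil? || message.empty?
    type = :success if type == :notice
    type = :error   if type == :alert
    escaped = ERB::Util.html_escape(message)
    %(<div class="alert alert-#{type}"><a class="close" data-dismiss="alert">&#215;</a>#{escaped}</div>)
  end.compact.join("\n")
end

# True when a raw <script> tag from the flash survives into the rendered markup.
def script_injected?(html)
  html.include?("<script>")
end

if __FILE__ == $0
  flash = flash_from_params("msg" => ATTACKER_MSG)
  puts "vulnerable: #{bootstrap_flash_vulnerable(flash)}"
  puts "fixed:      #{bootstrap_flash_fixed(flash)}"
end
```

Upgrading to twitter-bootstrap-rails 3.2.0 or later removes the unescaped path in the helper itself; the application-side check is to audit every place a flash message is built from request data and to avoid marking such strings html_safe before they reach the helper.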

References

Affected packages

RubyGems / twitter-bootstrap-rails

twitter-bootstrap-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.2.0

Affected versions

0.*

0.0.3
0.0.4
0.0.5

1.*

1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3

2.*

2.0
2.0.0
2.0.1
2.0.1.0
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0rc0
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8