GHSA-9v3m-8fp8-mj99

Source
https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9v3m-8fp8-mj99
Aliases
Published
2019-02-22T20:54:47Z
Modified
2024-08-01T21:22:34.488600Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Bootstrap Vulnerable to Cross-Site Scripting
Details

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow an attacker to execute arbitrary JavaScript.

Recommendation

For bootstrap 4.x upgrade to 4.3.1 or later. For bootstrap 3.x upgrade to 3.4.1 or later.

Database specific
{
    "severity": "MODERATE",
    "github_reviewed_at": "2020-06-16T21:29:39Z",
    "github_reviewed": true,
    "nvd_published_at": "2019-02-20T16:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven

org.webjars:bootstrap

Package

Name
org.webjars:bootstrap
Purl
pkg:maven/org.webjars/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.4.1

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.1-1
3.1.1-2
3.2.0
3.2.0-1
3.2.0-2
3.3.0
3.3.1
3.3.2
3.3.2-1
3.3.2-2
3.3.4
3.3.5
3.3.6
3.3.7
3.3.7-1
3.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

org.webjars:bootstrap

Package

Name
org.webjars:bootstrap
Purl
pkg:maven/org.webjars/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.3.1

Affected versions

4.*

4.0.0
4.0.0-1
4.0.0-2
4.1.0
4.1.1
4.1.2
4.1.3
4.2.1
4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

npm

bootstrap

Package

Name
bootstrap
Purl
pkg:npm/bootstrap

Affected ranges

Type
SEMVER
Events
Introduced
4.0.0
Fixed
4.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap

Package

Name
bootstrap
Purl
pkg:npm/bootstrap

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Fixed
3.4.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap-sass

Package

Name
bootstrap-sass
Purl
pkg:npm/bootstrap-sass

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Fixed
3.4.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

NuGet

Bootstrap.Less

Package

Name
Bootstrap.Less
Purl
pkg:nuget/Bootstrap.Less

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.4.1

Affected versions

3.*

3.3.5
3.3.6-jQuery3
3.3.6
3.3.6.1
3.3.7
3.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap

Package

Name
bootstrap
Purl
pkg:nuget/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.3.1

Affected versions

4.*

4.0.0
4.1.0
4.1.1-contentFiles
4.1.1
4.1.2
4.1.3
4.2.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap

Package

Name
bootstrap
Purl
pkg:nuget/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.4.1

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.2.0
3.3.0
3.3.1
3.3.2
3.3.4
3.3.5
3.3.6-jQuery3
3.3.6
3.3.6.1
3.3.7
3.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap.sass

Package

Name
bootstrap.sass
Purl
pkg:nuget/bootstrap.sass

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.3.1

Affected versions

3.*

3.4.1

4.*

4.0.0-alpha
4.0.0-alpha2
4.0.0-alpha3
4.0.0-alpha4
4.0.0-alpha5
4.0.0-alpha6
4.0.0-beta
4.0.0-beta2
4.0.0-beta3
4.0.0
4.1.0
4.1.1-contentFiles
4.1.1
4.1.2
4.1.3
4.2.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

Packagist

twbs/bootstrap

Package

Name
twbs/bootstrap
Purl
pkg:composer/twbs/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.4.1

Affected versions

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.1
v3.2.0
v3.3.0
v3.3.1
v3.3.2
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

twbs/bootstrap

Package

Name
twbs/bootstrap
Purl
pkg:composer/twbs/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.3.1

Affected versions

v4.*

v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

RubyGems

bootstrap

Package

Name
bootstrap
Purl
pkg:gem/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.3.1

Affected versions

4.*

4.0.0.alpha1
4.0.0.alpha2
4.0.0.alpha3
4.0.0.alpha3.1
4.0.0.alpha4
4.0.0.alpha5
4.0.0.alpha6
4.0.0.beta
4.0.0.beta2
4.0.0.beta2.1
4.0.0.beta3
4.0.0
4.1.0
4.1.1
4.1.2
4.1.3
4.2.1
4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

bootstrap-sass

Package

Name
bootstrap-sass
Purl
pkg:gem/bootstrap-sass

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.4.1

Affected versions

3.*

3.0.0.0
3.0.1.0.rc
3.0.1.0
3.0.2.0
3.0.2.1
3.0.3.0
3.1.0.0
3.1.0.1
3.1.0.2
3.1.1.0
3.1.1.1
3.2.0.4
3.3.0.0
3.3.0.1
3.3.1.0
3.3.2.0
3.3.2.1
3.3.3
3.3.4.1
3.3.5
3.3.5.1
3.3.6
3.3.7
3.4.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"

twitter-bootstrap-rails

Package

Name
twitter-bootstrap-rails
Purl
pkg:gem/twitter-bootstrap-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
5.0.0

Affected versions

0.*

0.0.3
0.0.4
0.0.5

1.*

1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3

2.*

2.0rc0
2.0
2.0.0
2.0.1
2.0.1.0
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8

3.*

3.2.0
3.2.1.rc1
3.2.2

4.*

4.0.0

5.*

5.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json"