[MAVEN:GHSA-3MGP-FX93-9XV5] XSS vulnerability that affects bootstrap

Severity Moderate

Affected Packages 7

Fixed Packages 7

CVEs 1

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Package	Affected Version
pkg:maven/twbs/bootstrap	< 3.4.0
pkg:maven/org.webjars/bootstrap	< 3.4.0
pkg:maven/bootstrap-sass	< 3.4.0
pkg:maven/bootstrap-sass	< 3.4.0
pkg:maven/bootstrap	< 3.4.0
pkg:maven/bootstrap	< 3.4.0
pkg:maven/bootstrap	< 3.4.0

Package	Fixed Version
pkg:maven/twbs/bootstrap	= 3.4.0
pkg:maven/org.webjars/bootstrap	= 3.4.0
pkg:maven/bootstrap-sass	= 3.4.0
pkg:maven/bootstrap-sass	= 3.4.0
pkg:maven/bootstrap	= 3.4.0
pkg:maven/bootstrap	= 3.4.0
pkg:maven/bootstrap	= 3.4.0

ID

MAVEN:GHSA-3MGP-FX93-9XV5

Severity

moderate

URL

https://github.com/advisories/GHSA-3mgp-fx93-9xv5

Published

2019-01-17T13:57:34
(5 years ago)

Modified

2024-08-01T21:03:26
(6 weeks ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2018-20676
			https://github.com/twbs/bootstrap/issues/27044
			https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
			https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
			https://github.com/twbs/bootstrap/pull/27047
			https://access.redhat.com/errata/RHBA-2019:1076
			https://access.redhat.com/errata/RHBA-2019:1570
			https://access.redhat.com/errata/RHSA-2019:1456
			https://access.redhat.com/errata/RHSA-2019:3023
			https://access.redhat.com/errata/RHSA-2020:0132
			https://access.redhat.com/errata/RHSA-2020:0133
			https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
			https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
			https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
			https://github.com/advisories/GHSA-3mgp-fx93-9xv5

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/twbs/bootstrap	twbs	bootstrap	< 3.4.0
Fixed	pkg:maven/twbs/bootstrap	twbs	bootstrap	= 3.4.0
Affected	pkg:maven/org.webjars/bootstrap	org.webjars	bootstrap	< 3.4.0
Fixed	pkg:maven/org.webjars/bootstrap	org.webjars	bootstrap	= 3.4.0
Affected	pkg:maven/bootstrap-sass		bootstrap-sass	< 3.4.0
Fixed	pkg:maven/bootstrap-sass		bootstrap-sass	= 3.4.0
Affected	pkg:maven/bootstrap-sass		bootstrap-sass	< 3.4.0
Fixed	pkg:maven/bootstrap-sass		bootstrap-sass	= 3.4.0
Affected	pkg:maven/bootstrap		bootstrap	< 3.4.0
Fixed	pkg:maven/bootstrap		bootstrap	= 3.4.0
Affected	pkg:maven/bootstrap		bootstrap	< 3.4.0
Fixed	pkg:maven/bootstrap		bootstrap	= 3.4.0
Affected	pkg:maven/bootstrap		bootstrap	< 3.4.0
Fixed	pkg:maven/bootstrap		bootstrap	= 3.4.0

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date