This repository has been archived by the owner on May 9, 2024. It is now read-only.
CVE-2019-8331 (Medium) detected in bootstrap-4.3.0.tgz #152
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2019-8331 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-4.3.0.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.3.0.tgz
Path to dependency file: /cla-bot/package.json
Path to vulnerable library: /cla-bot/node_modules/bootstrap/package.json
Dependency Hierarchy:
Found in HEAD commit: 028d5fbb020bd766723483bfc18189e3f59f46b7
Vulnerability Details
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: 3.4.1, 4.3.1
The text was updated successfully, but these errors were encountered: