Описание
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| twitter-bootstrap4 | not-affected | package | ||
| twitter-bootstrap3 | fixed | 3.4.0+dfsg-1 | package | |
| twitter-bootstrap3 | fixed | 3.3.7+dfsg-2+deb9u1 | stretch | package |
| twitter-bootstrap3 | no-dsa | jessie | package |
Примечания
https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0)
https://github.com/twbs/bootstrap/issues/20184
hhtps://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
https://github.com/twbs/bootstrap/pull/23679
https://github.com/twbs/bootstrap/pull/23687
https://github.com/twbs/bootstrap/pull/26460
EPSS
Связанные уязвимости
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
EPSS