Merge pull request #3281 from github/roka-actico-GHSA-4p24-vmcr-4gqj

github · Jan 12, 2024 · 56ab059 · 56ab059
2 parents e73f40b + 43fb037
commit 56ab059
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json b/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json
@@ -7,7 +7,7 @@
     "CVE-2016-10735"
   ],
   "summary": "Bootstrap XSS vulnerability",
-  "details": "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.\n\nSee https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.",
+  "details": "Since Bootstrap 2.0.4 and 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.\n\nSee https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "3.0.0"
+              "introduced": "2.0.4"
             },
             {
               "fixed": "3.4.0"
@@ -114,6 +114,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/twbs/bootstrap"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jsbin.com/dahojakupe/edit?html,output"
     }
   ],
   "database_specific": {