📂 Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Findings
| Finding |
Severity |
🎯 CVSS |
Exploit Maturity |
EPSS |
Library |
Type |
Fixed in |
Remediation Available |
Reachability |
| CVE-2024-6485 |
🟠 Medium |
6.4 |
Not Defined |
< 1% |
bootstrap-3.1.1.min.js |
Direct |
https://github.com/twbs/bootstrap.git - v4.0.0 |
❌ |
|
| CVE-2018-14040 |
🟠 Medium |
6.1 |
Not Defined |
1.92% |
bootstrap-3.1.1.min.js |
Direct |
bootstrap - 3.4.0,4.1.2,https://github.com/twbs/bootstrap.git - v4.1.2 |
❌ |
|
| CVE-2018-14042 |
🟠 Medium |
6.1 |
Not Defined |
2.281% |
bootstrap-3.1.1.min.js |
Direct |
bootstrap - 3.4.0,4.1.2,bootstrap-sass - 3.4.0,bootstrap - 4.1.2,org.webjars:bootstrap:4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0 |
❌ |
|
| CVE-2018-20677 |
🟠 Medium |
6.1 |
Not Defined |
9.805% |
bootstrap-3.1.1.min.js |
Direct |
bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0 |
❌ |
|
| CVE-2019-8331 |
🟠 Medium |
6.1 |
Not Defined |
1.668% |
bootstrap-3.1.1.min.js |
Direct |
bootstrap-sass - 3.4.1,bootstrap - 3.4.1,bootstrap.sass - 4.3.1,org.webjars:bootstrap:4.3.1,bootstrap - 4.3.1,bootstrap.less - 3.4.1,org.webjars:bootstrap:3.4.1,bootstrap - 4.3.1,bootstrap - 4.3.1,bootstrap-sass - 3.4.1,bootstrap - 3.4.1 |
❌ |
|
Details
🟠CVE-2024-6485
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
- ❌ bootstrap-3.1.1.min.js (Vulnerable Library)
Vulnerability Details
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
Publish Date: Jul 11, 2024 05:08 PM
URL: CVE-2024-6485
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.4
Suggested Fix
Type: Upgrade version
Origin: https://getbootstrap.com/docs/3.3/javascript/#buttons
Release Date: Jul 11, 2024 05:08 PM
Fix Resolution : https://github.com/twbs/bootstrap.git - v4.0.0
🟠CVE-2018-14040
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
- ❌ bootstrap-3.1.1.min.js (Vulnerable Library)
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: Jul 13, 2018 02:00 PM
URL: CVE-2018-14040
Threat Assessment
Exploit Maturity:Not Defined
EPSS:1.92%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040
Release Date: Jul 13, 2018 02:00 PM
Fix Resolution : bootstrap - 3.4.0,4.1.2,https://github.com/twbs/bootstrap.git - v4.1.2
🟠CVE-2018-14042
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
- ❌ bootstrap-3.1.1.min.js (Vulnerable Library)
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: Jul 13, 2018 02:00 PM
URL: CVE-2018-14042
Threat Assessment
Exploit Maturity:Not Defined
EPSS:2.281%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: Jul 13, 2018 02:00 PM
Fix Resolution : bootstrap - 3.4.0,4.1.2,bootstrap-sass - 3.4.0,bootstrap - 4.1.2,org.webjars:bootstrap:4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0
🟠CVE-2018-20677
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
- ❌ bootstrap-3.1.1.min.js (Vulnerable Library)
Vulnerability Details
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: Jan 09, 2019 05:00 AM
URL: CVE-2018-20677
Threat Assessment
Exploit Maturity:Not Defined
EPSS:9.805%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-20677
Release Date: Jan 09, 2019 05:00 AM
Fix Resolution : bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0
🟠CVE-2019-8331
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
- ❌ bootstrap-3.1.1.min.js (Vulnerable Library)
Vulnerability Details
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: Feb 20, 2019 04:00 PM
URL: CVE-2019-8331
Threat Assessment
Exploit Maturity:Not Defined
EPSS:1.668%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-9v3m-8fp8-mj99
Release Date: Feb 20, 2019 04:00 PM
Fix Resolution : bootstrap-sass - 3.4.1,bootstrap - 3.4.1,bootstrap.sass - 4.3.1,org.webjars:bootstrap:4.3.1,bootstrap - 4.3.1,bootstrap.less - 3.4.1,org.webjars:bootstrap:3.4.1,bootstrap - 4.3.1,bootstrap - 4.3.1,bootstrap-sass - 3.4.1,bootstrap - 3.4.1
📂 Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Findings
Details
🟠CVE-2024-6485
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
Vulnerability Details
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
Publish Date: Jul 11, 2024 05:08 PM
URL: CVE-2024-6485
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 6.4
Suggested Fix
Type: Upgrade version
Origin: https://getbootstrap.com/docs/3.3/javascript/#buttons
Release Date: Jul 11, 2024 05:08 PM
Fix Resolution : https://github.com/twbs/bootstrap.git - v4.0.0
🟠CVE-2018-14040
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: Jul 13, 2018 02:00 PM
URL: CVE-2018-14040
Threat Assessment
Exploit Maturity:Not Defined
EPSS:1.92%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040
Release Date: Jul 13, 2018 02:00 PM
Fix Resolution : bootstrap - 3.4.0,4.1.2,https://github.com/twbs/bootstrap.git - v4.1.2
🟠CVE-2018-14042
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: Jul 13, 2018 02:00 PM
URL: CVE-2018-14042
Threat Assessment
Exploit Maturity:Not Defined
EPSS:2.281%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: Jul 13, 2018 02:00 PM
Fix Resolution : bootstrap - 3.4.0,4.1.2,bootstrap-sass - 3.4.0,bootstrap - 4.1.2,org.webjars:bootstrap:4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0
🟠CVE-2018-20677
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: Jan 09, 2019 05:00 AM
URL: CVE-2018-20677
Threat Assessment
Exploit Maturity:Not Defined
EPSS:9.805%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-20677
Release Date: Jan 09, 2019 05:00 AM
Fix Resolution : bootstrap - 3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0
🟠CVE-2019-8331
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /src/main/resources/lessons/challenges/js/bootstrap.min.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: Feb 20, 2019 04:00 PM
URL: CVE-2019-8331
Threat Assessment
Exploit Maturity:Not Defined
EPSS:1.668%
Score: 6.1
Suggested Fix
Type: Upgrade version
Origin: GHSA-9v3m-8fp8-mj99
Release Date: Feb 20, 2019 04:00 PM
Fix Resolution : bootstrap-sass - 3.4.1,bootstrap - 3.4.1,bootstrap.sass - 4.3.1,org.webjars:bootstrap:4.3.1,bootstrap - 4.3.1,bootstrap.less - 3.4.1,org.webjars:bootstrap:3.4.1,bootstrap - 4.3.1,bootstrap - 4.3.1,bootstrap-sass - 3.4.1,bootstrap - 3.4.1