WS-2018-0021 (Medium) detected in bootstrap-2.2.1.min.js

Question

WS-2018-0021 (Medium) detected in bootstrap-2.2.1.min.js

Opened this issue 5 years ago · 0 comments

mend-bolt-for-github commented 5 years ago

WS-2018-0021 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-2.2.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.2.1/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/QuizAppUI/QuizApp/LatestAries/aries/editor.html

Path to vulnerable library: /QuizAppUI/QuizApp/LatestAries/aries/js/plugins/bootstrap/bootstrap.min.js,/QuizAppUI/QuizApp/aries/js/plugins/bootstrap/bootstrap.min.js,/QuizAppUI/QuizApp/aries/js/plugins/bootstrap/bootstrap.min.js,/QuizAppUI/QuizApp/QuizApp.UI/js/plugins/bootstrap/bootstrap.min.js,/QuizAppUI/QuizApp/LatestAries/aries/js/plugins/bootstrap/bootstrap.min.js

Dependency Hierarchy:

❌ bootstrap-2.2.1.min.js (Vulnerable Library)

Found in HEAD commit: d37d24b63bfa9b2f3f9b85cb0e4758109d7acea8

Vulnerability Details

XSS in data-target in bootstrap (3.3.7 and before)

Publish Date: 2017-06-27

URL: WS-2018-0021

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: twbs/bootstrap@d9be1da

Release Date: 2017-08-25

Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js

Step up your Open Source Security Game with WhiteSource here