WS-2018-0021 (Medium) detected in bootstrap-3.3.5.min.js
Closed this issue · 0 comments
WS-2018-0021 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.5.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: /tmp/ws-scm/PortfolioSite/node_modules/react-numeric-input/docs/index.html
Path to vulnerable library: /PortfolioSite/node_modules/react-numeric-input/docs/index.html
Dependency Hierarchy:
- ❌ bootstrap-3.3.5.min.js (Vulnerable Library)
Found in HEAD commit: 5e211947fdfe3701bd2dc55db9ed2cf44fc06c98
Vulnerability Details
XSS in data-target in bootstrap (3.3.7 and before)
Publish Date: 2017-09-29
URL: WS-2018-0021
CVSS 2 Score Details (6.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#20184
Release Date: 2019-06-12
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here