Why does Dependency-Track consider Bootstrap version 5.3.3 affected by CVE-2024-6484? #41343
-
Regarding the Dependency-Track tool, Bootstrap v5.3.3 is reported as affected. A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
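The post above describes the mechanism generically: a carousel control takes its target from an `href` (or `data-*-target`) attribute and feeds it to the DOM as a selector, so weak validation of that attribute is what opens the door. The following is an added example of the defensive check a component author would want in that path; it is not Bootstrap's code and does not reproduce Bootstrap's internals. The attribute names, the id rule and the sample attribute maps are assumptions constructed for the demonstration.

```javascript
// Added example (not Bootstrap's code): resolve a carousel control's target
// strictly, so that an href / data-bs-target value can only ever select an
// element by a plain id fragment. Anything else (URL schemes, attribute
// selectors, arbitrary CSS selector text) is rejected and the control is inert.

// Only a '#' followed by a conventional HTML id: a letter first, then letters,
// digits, hyphens or underscores. Constructed rule; tighten it to your own id policy.
const SAFE_ID_FRAGMENT = /^#[A-Za-z][A-Za-z0-9_-]*$/;

// Return the id (without the '#') when the value is a safe fragment, else null.
function safeTargetId(value) {
  if (typeof value !== 'string') return null;
  const v = value.trim();
  return SAFE_ID_FRAGMENT.test(v) ? v.slice(1) : null;
}

// Pick the target from a control's attributes in the order a carousel would:
// an explicit data-bs-target first, then href. Both go through the same check,
// so a bad value in either attribute cannot become a selector.
function resolveCarouselTarget(attrs) {
  const candidates = [attrs['data-bs-target'], attrs['href']];
  for (const c of candidates) {
    const id = safeTargetId(c);
    if (id !== null) return id;
  }
  return null;
}

// Look the target up only by id, never by passing attribute text to querySelector.
// `doc` is any object with getElementById (a real document or a test double).
function findCarousel(doc, attrs) {
  const id = resolveCarouselTarget(attrs);
  return id === null ? null : doc.getElementById(id);
}

// Offline demonstration with constructed attribute maps (no real page needed).
function demo() {
  const fakeDoc = {
    elements: { myCarousel: { id: 'myCarousel' }, gallery: { id: 'gallery' } },
    getElementById(id) { return this.elements[id] || null; },
  };
  return {
    plain: findCarousel(fakeDoc, { href: '#myCarousel', 'data-bs-slide': 'next' }),
    explicit: findCarousel(fakeDoc, { 'data-bs-target': '#gallery', href: '#ignored' }),
    selector: findCarousel(fakeDoc, { href: '#a, [data-x]' }),      // selector text, rejected
    scheme: findCarousel(fakeDoc, { href: 'javascript:void(0)' }),  // URL scheme, rejected
    missing: findCarousel(fakeDoc, {}),                             // no target at all
  };
}

module.exports = { safeTargetId, resolveCarouselTarget, findCarousel, demo };
```

The design point is that the attribute never reaches a selector API: it is reduced to an id string by an allow-list pattern and then looked up with `getElementById`, so the worst a malformed attribute can do is make the control a no-op. When auditing a component library flagged by a scanner, this is the code path to read: where the target attribute is parsed and which DOM API it is handed to.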
-
Also CVE-2024-6531.
-
There are no known CVEs for Bootstrap 5 at this time. Please see https://security.snyk.io/package/npm/bootstrap. I'm unsure where your reports are coming from; any insights?