Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: bootstrap-sass
date: 2019-02-15
url: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
cve: 2019-8331
title: XSS vulnerability in bootstrap-sass
description: |
  In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible
  in the tooltip or popover data-template attribute.
cvss_v2: '4.3'
cvss_v3: '6.1'
patched_versions:
- ">= 3.4.1"
related:
  url:
  - https://github.com/twbs/bootstrap-sass/releases/tag/v3.4.1