Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-46nt-zqbd-7fe3

Summary

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE:

> This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

## Original Description
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Aliases

alias	CVE-2024-6484

alias	GHSA-9mvj-f7w8-pvh2

Fixed_packages

Affected_packages

url pkg:composer/twbs/bootstrap@2.0.0

purl pkg:composer/twbs/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/twbs/bootstrap@2.0.0

url pkg:composer/twbs/bootstrap@3.4.1

purl pkg:composer/twbs/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/twbs/bootstrap@3.4.1

url pkg:gem/bootstrap@2.0.0

purl pkg:gem/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap@2.0.0

url pkg:gem/bootstrap@3.4.1

purl pkg:gem/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap@3.4.1

url pkg:gem/bootstrap-sass@2.0.0

purl pkg:gem/bootstrap-sass@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

vulnerability	VCID-4wt8-wyvc-1uca

vulnerability	VCID-dxpb-rn46-rbd8

vulnerability	VCID-hbhg-1exc-kbfy

vulnerability	VCID-r4qe-549h-nfh1

vulnerability	VCID-vsty-6vqf-pkeg

vulnerability	VCID-wezb-6dbp-nfer

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap-sass@2.0.0

url pkg:gem/bootstrap-sass@3.4.1

purl pkg:gem/bootstrap-sass@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

vulnerability	VCID-wezb-6dbp-nfer

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap-sass@3.4.1

url pkg:maven/org.webjars/bootstrap@2.0.0

purl pkg:maven/org.webjars/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@2.0.0

url pkg:maven/org.webjars/bootstrap@3.4.1

purl pkg:maven/org.webjars/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@3.4.1

url pkg:maven/org.webjars.npm/bootstrap@2.0.0

purl pkg:maven/org.webjars.npm/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars.npm/bootstrap@2.0.0

url pkg:maven/org.webjars.npm/bootstrap@3.4.1

purl pkg:maven/org.webjars.npm/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars.npm/bootstrap@3.4.1

url pkg:npm/bootstrap@2.0.0

purl pkg:npm/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@2.0.0

url pkg:npm/bootstrap@3.4.1

purl pkg:npm/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

vulnerability	VCID-ku3b-ypqd-uqap

vulnerability	VCID-ubhy-z4mv-1fcx

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@3.4.1

url pkg:npm/bootstrap-sass@2.0.0

purl pkg:npm/bootstrap-sass@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-sass@2.0.0

url pkg:npm/bootstrap-sass@3.4.3

purl pkg:npm/bootstrap-sass@3.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-sass@3.4.3

url pkg:nuget/bootstrap@2.0.0

purl pkg:nuget/bootstrap@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@2.0.0

url pkg:nuget/bootstrap@3.4.1

purl pkg:nuget/bootstrap@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@3.4.1

url pkg:nuget/bootstrap.sass@2.0.0

purl pkg:nuget/bootstrap.sass@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap.sass@2.0.0

url pkg:nuget/bootstrap.sass@3.4.1

purl pkg:nuget/bootstrap.sass@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46nt-zqbd-7fe3

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap.sass@3.4.1

References

reference_url

https://github.com/twbs/bootstrap

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-6484

reference_id

CVE-2024-6484

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-6484

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-6484

reference_id

CVE-2024-6484

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.herodevs.com/vulnerability-directory/cve-2024-6484

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml

reference_id

CVE-2024-6484.YML

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml

reference_id

CVE-2024-6484.YML

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml

reference_url	https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
reference_id	GHSA-9mvj-f7w8-pvh2
reference_type
scores
url	https://github.com/advisories/GHSA-9mvj-f7w8-pvh2

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46nt-zqbd-7fe3

Vulnerability Instance