VulnerableCode Package Details - pkg:gem/bootstrap-sass@3.2.0.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/bootstrap-sass@3.2.0.3

Essentials
History (3)

purl	pkg:gem/bootstrap-sass@3.2.0.3
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-fweg-dvej-dbfh Aliases: CVE-2019-10842 GHSA-vqqv-v9m2-48p2	Malicious Package An unauthenticated attacker can craft the `___cfduid` cookie value with base64 arbitrary code to be executed via `eval()`, which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the `__cfduid` cookie that is legitimately used by Cloudflare.	3.2.0.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:57:24.323704+00:00	GHSA Importer	Affected by	VCID-fweg-dvej-dbfh	https://github.com/advisories/GHSA-vqqv-v9m2-48p2	38.0.0
2026-04-01T13:04:10.130294+00:00	GithubOSV Importer	Affected by	VCID-fweg-dvej-dbfh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-vqqv-v9m2-48p2/GHSA-vqqv-v9m2-48p2.json	38.0.0
2026-04-01T12:48:23.427668+00:00	GitLab Importer	Affected by	VCID-fweg-dvej-dbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-10842.yml	38.0.0