VulnerableCode Package Details - pkg:gem/bootstrap@5.0.0.alpha1

Search for packages

Vulnerability	Summary	Fixed by
VCID-qnq4-m5wm-qbhm Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f	Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Descripton A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	5.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-qnq4-m5wm-qbhm
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Descripton A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

5.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-qnq4-m5wm-qbhm	Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Descripton A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	CVE-2024-6531 GHSA-vc8w-jr9v-vj7f

Vulnerability

Summary

Aliases

VCID-qnq4-m5wm-qbhm

CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:04:15.660351+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml	38.4.0
2026-04-16T03:08:58.080202+00:00	GHSA Importer	Fixing	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.4.0
2026-04-12T00:22:09.244064+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml	38.3.0
2026-04-11T14:37:39.606417+00:00	GHSA Importer	Fixing	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.3.0
2026-04-03T00:29:44.314829+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml	38.1.0
2026-04-02T15:18:17.682054+00:00	GHSA Importer	Fixing	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.1.0