Search for packages
Package details: pkg:gem/bootstrap-sass@3.4.0
purl pkg:gem/bootstrap-sass@3.4.0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.
3.4.1
Affected by 2 other vulnerabilities.
VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. There are no reported fixed by versions.
VCID-e8jt-6jum-n3az
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79
Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. There are no reported fixed by versions.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-9gdn-vssr-m3d9 Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041. CVE-2018-14042
GHSA-7mvr-5x2g-wfc8
VCID-e8jt-6jum-n3az Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. CVE-2018-14040
GHSA-3wqf-4x89-9g79
VCID-f43n-fgru-vqee bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. CVE-2018-20677
GHSA-ph58-4vrj-w6hr
VCID-gmca-n7as-2yap XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. CVE-2018-20676
GHSA-3mgp-fx93-9xv5
VCID-w6v5-nfgx-rbbx Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info. CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:22.064396+00:00 GitLab Importer Affected by VCID-d4k9-se4n-4fh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2024-6484.yml 37.0.0
2025-07-03T18:16:22.126785+00:00 GitLab Importer Fixing VCID-e8jt-6jum-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-14040.yml 37.0.0
2025-07-03T17:32:46.793628+00:00 GitLab Importer Affected by VCID-3ygq-cbu4-23ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2019-8331.yml 37.0.0
2025-07-03T17:31:18.678503+00:00 GitLab Importer Fixing VCID-f43n-fgru-vqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 37.0.0
2025-07-03T17:31:17.582047+00:00 GitLab Importer Fixing VCID-gmca-n7as-2yap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 37.0.0
2025-07-03T17:31:09.906865+00:00 GitLab Importer Fixing VCID-w6v5-nfgx-rbbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 37.0.0
2025-07-03T14:33:13.784097+00:00 Ruby Importer Affected by VCID-d4k9-se4n-4fh9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml 37.0.0
2025-07-03T14:32:23.568016+00:00 Ruby Importer Affected by VCID-e8jt-6jum-n3az https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 37.0.0
2025-07-03T14:32:23.461770+00:00 Ruby Importer Fixing VCID-e8jt-6jum-n3az https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml 37.0.0
2025-07-03T14:32:02.493179+00:00 Ruby Importer Fixing VCID-f43n-fgru-vqee https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml 37.0.0
2025-07-03T14:32:02.326365+00:00 Ruby Importer Fixing VCID-gmca-n7as-2yap https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml 37.0.0
2025-07-01T18:13:19.813591+00:00 GitLab Importer Fixing VCID-e8jt-6jum-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-14040.yml 36.1.3
2025-07-01T18:11:26.099552+00:00 GitLab Importer Fixing VCID-f43n-fgru-vqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20677.yml 36.1.3
2025-07-01T18:11:25.943668+00:00 GitLab Importer Fixing VCID-gmca-n7as-2yap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-20676.yml 36.1.3
2025-07-01T18:11:25.060658+00:00 GitLab Importer Fixing VCID-w6v5-nfgx-rbbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2016-10735.yml 36.1.3
2025-07-01T18:11:09.184497+00:00 GitLab Importer Fixing VCID-9gdn-vssr-m3d9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-14042.yml 36.1.3
2025-07-01T14:32:03.944387+00:00 GHSA Importer Fixing VCID-e8jt-6jum-n3az https://github.com/advisories/GHSA-3wqf-4x89-9g79 36.1.3
2025-07-01T14:29:36.671615+00:00 GHSA Importer Fixing VCID-f43n-fgru-vqee https://github.com/advisories/GHSA-ph58-4vrj-w6hr 36.1.3
2025-07-01T14:29:36.424766+00:00 GHSA Importer Fixing VCID-gmca-n7as-2yap https://github.com/advisories/GHSA-3mgp-fx93-9xv5 36.1.3
2025-07-01T14:29:36.202441+00:00 GHSA Importer Fixing VCID-w6v5-nfgx-rbbx https://github.com/advisories/GHSA-4p24-vmcr-4gqj 36.1.3
2025-07-01T14:29:13.458689+00:00 GHSA Importer Fixing VCID-9gdn-vssr-m3d9 https://github.com/advisories/GHSA-7mvr-5x2g-wfc8 36.1.3
2025-07-01T12:29:05.111915+00:00 GithubOSV Importer Fixing VCID-e8jt-6jum-n3az https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json 36.1.3
2025-07-01T12:21:49.759949+00:00 GithubOSV Importer Fixing VCID-gmca-n7as-2yap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3mgp-fx93-9xv5/GHSA-3mgp-fx93-9xv5.json 36.1.3
2025-07-01T12:21:49.352620+00:00 GithubOSV Importer Fixing VCID-f43n-fgru-vqee https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-ph58-4vrj-w6hr/GHSA-ph58-4vrj-w6hr.json 36.1.3
2025-07-01T12:21:48.631041+00:00 GithubOSV Importer Fixing VCID-w6v5-nfgx-rbbx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json 36.1.3
2025-07-01T12:21:10.682261+00:00 GithubOSV Importer Fixing VCID-9gdn-vssr-m3d9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json 36.1.3