VulnerableCode Package Details - pkg:gem/bootstrap-sass@2.3.0

Search for packages

Package details: pkg:gem/bootstrap-sass@2.3.0

Essentials
History (6)

purl	pkg:gem/bootstrap-sass@2.3.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-9gdn-vssr-m3d9 Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e8jt-6jum-n3az Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	3.4.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:13:19.811458+00:00	GitLab Importer	Affected by	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-14040.yml	36.1.3
2025-07-01T18:11:09.182647+00:00	GitLab Importer	Affected by	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap-sass/CVE-2018-14042.yml	36.1.3
2025-07-01T16:58:20.792804+00:00	Ruby Importer	Affected by	VCID-e8jt-6jum-n3az	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml	36.1.3
2025-07-01T16:58:20.768765+00:00	Ruby Importer	Affected by	VCID-9gdn-vssr-m3d9	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml	36.1.3
2025-07-01T14:32:03.942382+00:00	GHSA Importer	Affected by	VCID-e8jt-6jum-n3az	https://github.com/advisories/GHSA-3wqf-4x89-9g79	36.1.3
2025-07-01T14:29:13.456555+00:00	GHSA Importer	Affected by	VCID-9gdn-vssr-m3d9	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	36.1.3