VulnerableCode Package Details - pkg:gem/twitter-bootstrap-rails@2.1.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	There are no reported fixed by versions.
VCID-cv4x-qzn7-e3ap Aliases: CVE-2014-4920 GHSA-vpqv-mqvc-pcx2 OSV-109206	Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.	3.2.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

There are no reported fixed by versions.

VCID-cv4x-qzn7-e3ap
Aliases:
CVE-2014-4920
GHSA-vpqv-mqvc-pcx2
OSV-109206

Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

3.2.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:32:48.625855+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml	37.0.0
2025-07-03T17:12:34.681538+00:00	GitLab Importer	Affected by	VCID-cv4x-qzn7-e3ap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml	37.0.0
2025-07-03T14:30:45.342204+00:00	Ruby Importer	Affected by	VCID-cv4x-qzn7-e3ap	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml	37.0.0