Labs64 / laravel-boilerplate

Laravel Boilerplate / Starter Kit with Gentelella Admin Theme
https://github.com/Labs64/laravel-boilerplate/wiki
MIT License
917 stars 328 forks

Known vulnerability found - CVE-2018-14041 #47

Closed r-brown closed 5 years ago

r-brown commented 6 years ago

Known vulnerability found: CVE-2018-14041 (moderate severity)

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

package.json update suggested: bootstrap ~> 4.1.2
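
A defensive check for the condition reported above, as an added example (not code from this repository or its maintainers): a Node.js script that flags any bootstrap entry in package.json or package-lock.json that sorts before 4.1.2, the threshold the report gives. The manifests are constructed samples, the function names are hypothetical, and a range is judged only by the first version it names.

```javascript
// Added example: constructed inputs, not this repository's real manifests.
const FIXED = [4, 1, 2]; // first fixed release named in the issue

// Pull the first x.y.z out of a version or range string ("^3.3.7" -> [3, 3, 7]).
function firstVersion(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(spec));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a sorts before version b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Collect every place bootstrap is declared or pinned and flag those below FIXED.
function auditBootstrap(pkg, lock = {}) {
  const found = [];
  for (const section of ["dependencies", "devDependencies"]) {
    const spec = pkg[section] && pkg[section].bootstrap;
    if (spec) found.push({ where: `package.json ${section}`, spec });
  }
  // lockfileVersion 2/3 keeps resolved versions under "packages".
  const v2 = lock.packages && lock.packages["node_modules/bootstrap"];
  if (v2) found.push({ where: "package-lock.json packages", spec: v2.version });
  // lockfileVersion 1 keeps them under "dependencies".
  const v1 = lock.dependencies && lock.dependencies.bootstrap;
  if (v1) found.push({ where: "package-lock.json dependencies", spec: v1.version });

  return found.map((f) => {
    const v = firstVersion(f.spec);
    // An unparseable spec (git URL, tag, "*") cannot be cleared, so report it.
    const status = !v ? "unknown" : isBefore(v, FIXED) ? "affected" : "ok";
    return { ...f, status };
  });
}

// Constructed sample manifests.
const samplePkg = { devDependencies: { bootstrap: "^3.3.7" } };
const sampleLock = { lockfileVersion: 1, dependencies: { bootstrap: { version: "3.3.7" } } };
const fixedPkg = { dependencies: { bootstrap: "~4.1.2" } };

console.log(auditBootstrap(samplePkg, sampleLock));
console.log(auditBootstrap(fixedPkg));
```

The lock file entry is the one that decides what is actually installed; the package.json range only shows what a fresh install is allowed to resolve to.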

yushkevich commented 5 years ago

This is impossible for now because of the theme that we are using, 'gentelella'. There is now support for Bootstrap version 4. But work is in progress. https://github.com/ColorlibHQ/gentelella/issues/268

r-brown commented 5 years ago

Issue status: pending until ColorlibHQ/gentelella#268 resolution

r-brown commented 5 years ago

deferred