Path to dependency file: /webgoat-integration-tests/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.4.0/bootstrap-3.4.0.jar,/m2/repository/org/webjars/bootstrap/3.4.0/bootstrap-3.4.0.jar
Path to vulnerable library: /webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js,/webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js
CVE-2019-8331 - Medium Severity Vulnerability
bootstrap-3.4.0.jar
WebJar for Bootstrap
Library home page: http://webjars.org
Path to dependency file: /webgoat-integration-tests/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.4.0/bootstrap-3.4.0.jar,/m2/repository/org/webjars/bootstrap/3.4.0/bootstrap-3.4.0.jar
Dependency Hierarchy: - :x: **bootstrap-3.4.0.jar** (Vulnerable Library)
bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js,/webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js
Dependency Hierarchy: - :x: **bootstrap-3.1.1.min.js** (Vulnerable Library)
Found in HEAD commit: 3f40aaa55b2c1a3432a061c27496ea82f484838a
Found in base branch: develop
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: 3.4.1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.