billmcchesney1 / t-vault

Simplified secrets management solution
Apache License 2.0

CVE-2016-10735 (Medium) detected in multiple libraries #338

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

CVE-2016-10735 - Medium Severity Vulnerability

Vulnerable Libraries - bootstrap-3.3.4.min.js, bootstrap-popover-2.3.1.js, bootstrap-alert-2.3.1.js, bootstrap-modal-2.3.1.js, bootstrap-tooltip-2.3.1.js, bootstrap-scrollspy-2.3.1.js, bootstrap-transition-2.3.1.js, bootstrap-carousel-2.3.1.js, bootstrap-button-2.3.1.js, bootstrap-affix-2.3.1.js, bootstrap-collapse-2.3.1.js, bootstrap-tab-2.3.1.js

bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to dependency file: /tvaultui/bower_components/ng-table/docs/template/index.template.html

Path to vulnerable library: /tvaultui/bower_components/ng-table/docs/template/index.template.html

Dependency Hierarchy:
- :x: **bootstrap-3.3.4.min.js** (Vulnerable Library)

bootstrap-popover-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-popover.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-popover.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-popover.js

Dependency Hierarchy:
- :x: **bootstrap-popover-2.3.1.js** (Vulnerable Library)

bootstrap-alert-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-alert.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-alert.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-alert.js

Dependency Hierarchy:
- :x: **bootstrap-alert-2.3.1.js** (Vulnerable Library)

bootstrap-modal-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-modal.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-modal.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-modal.js

Dependency Hierarchy:
- :x: **bootstrap-modal-2.3.1.js** (Vulnerable Library)

bootstrap-tooltip-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-tooltip.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-tooltip.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-tooltip.js

Dependency Hierarchy:
- :x: **bootstrap-tooltip-2.3.1.js** (Vulnerable Library)

bootstrap-scrollspy-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-scrollspy.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/examples/carousel.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-scrollspy.js,/tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-scrollspy.js

Dependency Hierarchy:
- :x: **bootstrap-scrollspy-2.3.1.js** (Vulnerable Library)

bootstrap-transition-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-transition.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-transition.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-transition.js

Dependency Hierarchy:
- :x: **bootstrap-transition-2.3.1.js** (Vulnerable Library)

bootstrap-carousel-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-carousel.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-carousel.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-carousel.js

Dependency Hierarchy:
- :x: **bootstrap-carousel-2.3.1.js** (Vulnerable Library)

bootstrap-button-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-button.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-button.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-button.js

Dependency Hierarchy:
- :x: **bootstrap-button-2.3.1.js** (Vulnerable Library)

bootstrap-affix-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-affix.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-affix.js

Dependency Hierarchy:
- :x: **bootstrap-affix-2.3.1.js** (Vulnerable Library)

bootstrap-collapse-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-collapse.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/examples/carousel.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-collapse.js,/tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-collapse.js

Dependency Hierarchy:
- :x: **bootstrap-collapse-2.3.1.js** (Vulnerable Library)

bootstrap-tab-2.3.1.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.3.1/js/bootstrap-tab.js

Path to dependency file: /tvaultui/bower_components/bootstrap/docs/customize.html

Path to vulnerable library: /tvaultui/bower_components/bootstrap/docs/assets/js/bootstrap-tab.js,/tvaultui/bower_components/bootstrap/docs/examples/../assets/js/bootstrap-tab.js

Dependency Hierarchy:
- :x: **bootstrap-tab-2.3.1.js** (Vulnerable Library)

Found in base branch: dev

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2