Stackle is a web communication portal aimed at providing Open Source organizations a platform to have discussions on their GitHub projects and their issues. It provides GitHub integration which allows the administrator of an organization to create a forum thread for the particular organization. Users who sign in are able to view forums of the organizations they contribute to and engage in the forum discussions.
Vulnerable Bootstrap Library V 3.3.
Changes proposed in the pull request
Impact
User accounts can be hijacked, credentials could be stolen, and sensitive data could be exfiltrated.
Other information
CVE-2019-8331, CVE-2018-14041, CVE-2018-14040
Reference: https://github.com/twbs/bootstrap/issues/28236 https://github.com/twbs/bootstrap/issues/20184