Open mend-for-github-com[bot] opened 1 week ago
WebJar for Bootstrap
Library home page: http://webjars.org
Path to dependency file: /web/nibrs-admin/pom.xml
Path to vulnerable library: /web/nibrs-admin/pom.xml
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **bootstrap-4.3.1.jar** (Vulnerable Library)
Found in base branch: master
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. Publish Date: 2024-07-11 URL: CVE-2024-6531
Publish Date: 2024-07-11
URL: CVE-2024-6531
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: Low
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
Release Date: 2024-07-11
Fix Resolution: 5.0.0-beta1
:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.
WebJar for Bootstrap
Library home page: http://webjars.org
Path to dependency file: /web/nibrs-admin/pom.xml
Path to vulnerable library: /web/nibrs-admin/pom.xml
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-6531
### Vulnerable Library - bootstrap-4.3.1.jarWebJar for Bootstrap
Library home page: http://webjars.org
Path to dependency file: /web/nibrs-admin/pom.xml
Path to vulnerable library: /web/nibrs-admin/pom.xml
Dependency Hierarchy: - :x: **bootstrap-4.3.1.jar** (Vulnerable Library)
Found in base branch: master
### Vulnerability DetailsA vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
### CVSS 3 Score Details (6.4)Publish Date: 2024-07-11
URL: CVE-2024-6531
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
Release Date: 2024-07-11
Fix Resolution: 5.0.0-beta1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.