Closed mend-for-github-com[bot] closed 2 years ago
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
CVE-2018-14040 - Medium Severity Vulnerability
Vulnerable Libraries - bootstrap-3.1.1.min.js, bootstrap-3.3.7.jar
bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy: - :x: **bootstrap-3.1.1.min.js** (Vulnerable Library)
bootstrap-3.3.7.jar
WebJar for Bootstrap
Library home page: http://webjars.org
Path to dependency file: /webwolf/pom.xml
Path to vulnerable library: /m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar
Dependency Hierarchy: - :x: **bootstrap-3.3.7.jar** (Vulnerable Library)
Found in HEAD commit: b08d4668e4e2496d51c65e4230b2f5bb7e0750b6
Found in base branch: add_test_clientside_filtering
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
CVSS 3 Score Details (6.1)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/twbs/bootstrap/pull/26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0