diff --git a/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json b/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json
index 7a2fac125ad64..a5ab2d403ec9c 100644
--- a/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json
+++ b/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json
@@ -1,21 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-vc8w-jr9v-vj7f",
- "modified": "2024-08-16T18:15:21Z",
+ "modified": "2024-08-16T18:15:22Z",
 "published": "2024-07-11T18:31:14Z",
 "aliases": [
 "CVE-2024-6531"
 ],
 "summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
- "details": "A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.",
+ "details": "A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.\n\nWhile no patch exists in Bootstrap v4 users of v4 may use [Bootstrap NES](https://www.herodevs.com/support/nes-bootstrap) (paid) for extended security support. Users of bootstrap are encouraged to migrate to Bootstrap v5. ",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"
- },
- {
- "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L"
 }
 ],
 "affected": [
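Review bot: The new `details` string still reads "the href attribute of an tag", so the advisory never names the affected element; the element name was presumably `<a>` and was lost to markup stripping. Restore it as `...through the href attribute of an <a> tag due to inadequate sanitization.` and drop the trailing space before the closing quote of the added paragraph. This hunk also deletes the `CVSS_V4` severity entry without a stated reason, which leaves consumers that rank on CVSS v4 with no score for this advisory; if the vector was wrong, a corrected one would serve them better than none. The `affected` array continues outside the hunk.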
@@ -32,11 +28,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -51,11 +50,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -70,11 +72,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -89,11 +94,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -108,11 +116,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -127,11 +138,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 },
 {
 "package": {
@@ -146,11 +160,14 @@
 "introduced": "4.0.0"
 },
 {
- "last_affected": "4.6.2"
+ "fixed": ">=5"
 }
 ]
 }
- ]
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 4.6.2"
+ }
 }
 ],
 "references": [
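Review bot: `"fixed": ">=5"` is a range expression, not a version, and the OSV format this file declares (`schema_version` 1.4.0) expects a `fixed` event to hold a single version string in the ecosystem's scheme. Scanners that parse the value as a version are likely to reject the range or order it wrongly, so 4.x installs could be reported incorrectly. Use `"fixed": "5.0.0"` where the package really has a 5.x release, and keep `"last_affected": "4.6.2"` where it does not. The same line is added in the six hunks that follow (old lines 51, 70, 89, 108, 127 and 146). The package names sit outside these hunks, so which entries have a 5.x line cannot be confirmed from here.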