You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today I generated a rails app with bootstrap 4.
But github says I'm vulnerable to XSS attacks.
1 bootstrap vulnerability found in Gemfile.lock 3 minutes ago
Remediation
Upgrade bootstrap to version 4.1.2 or later. For example:
gem "bootstrap", ">= 4.1.2"
Always verify the validity and compatibility of suggestions with your codebase.
Details CVE-2018-14042 More information
moderate severity
Vulnerable versions: < 4.1.2
Patched version: 4.1.2
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
The text was updated successfully, but these errors were encountered:
Today I generated a rails app with bootstrap 4.
But github says I'm vulnerable to XSS attacks.
1 bootstrap vulnerability found in Gemfile.lock 3 minutes ago
Remediation
Upgrade bootstrap to version 4.1.2 or later. For example:
gem "bootstrap", ">= 4.1.2"
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2018-14042 More information
moderate severity
Vulnerable versions: < 4.1.2
Patched version: 4.1.2
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
The text was updated successfully, but these errors were encountered: