
Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6484 #1251

Open
PeterVenhuizen opened this issue Aug 7, 2024 · 5 comments

@PeterVenhuizen

As identified by our bundle audit job in the CI:

Name: bootstrap-sass
Version: 3.4.1
CVE: CVE-2024-6484
GHSA: GHSA-9mvj-f7w8-pvh2
Criticality: Medium
URL: https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
Title: Bootstrap Cross-Site Scripting (XSS) vulnerability
Solution: remove or disable this gem until a patch is available!

Text from the GitHub advisories:
"A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser."

@doconnor-clintel

doconnor-clintel commented Aug 21, 2024

https://www.herodevs.com/vulnerability-directory/cve-2024-6484

How is this a CVE!

You have to put your own hyperlink with malicious javascript on the page:

<a
    href="javascript:alert('XSS href')"
    class="left"
    role="button"
    data-slide="prev"
  ></a>

@PBaciu

PBaciu commented Sep 7, 2024

Would sanitizing the href value in the carousel data api be a sufficient fix? If so, I could fork the repo and put a PR up.

@PoroshkinaVV

@twbs please, pay attention to this problem

@hocine15

is there any solution for this issue? will this be patched or not?

@pau1phi11ips

Is this really an issue? If you're building Carousels with unchecked user provided URLs, then that is the problem. I don't think it should be down to TWS to do the sanitisation here.
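A defender-side check for the point raised in the two comments above (validating the href before it is rendered into a carousel control, rather than rendering unchecked user-provided URLs), as an added example that is neither Bootstrap's code nor anyone's in this thread; PAGE_URL and the function names are assumptions.

```javascript
// Added example, not code from Bootstrap or from anyone in this thread.
// Allow-list validation for href values an application renders into
// carousel controls (data-slide / data-slide-to). A javascript: URL that
// is rejected here never reaches the DOM, whatever the plugin later does
// with the attribute.

const SAFE_SCHEMES = new Set(["http:", "https:"]);
// Hypothetical page URL used to resolve relative hrefs; in a browser use
// window.location.href instead.
const PAGE_URL = "https://app.example/gallery";

function parseHref(href) {
  if (typeof href !== "string") return null;
  try {
    // The WHATWG parser lower-cases the scheme and strips embedded tab and
    // newline characters, so obfuscated forms such as "java\tscript:" are
    // normalised before the scheme check below.
    return new URL(href.trim(), PAGE_URL);
  } catch {
    return null;
  }
}

// True when href resolves to an http(s) URL (absolute or page-relative).
function isSafeHref(href) {
  const url = parseHref(href);
  return url !== null && SAFE_SCHEMES.has(url.protocol);
}

// Stricter check for carousel controls: the link must be a fragment on the
// current page (e.g. "#myCarousel"), which is all a control needs.
function isCarouselControlHref(href) {
  const url = parseHref(href);
  if (url === null || !SAFE_SCHEMES.has(url.protocol)) return false;
  const page = new URL(PAGE_URL);
  return url.origin === page.origin &&
    url.pathname === page.pathname &&
    url.hash.length > 1;
}

// Returns the fragment to render, substituting "#" for anything rejected.
function safeControlHref(href) {
  return isCarouselControlHref(href) ? parseHref(href).hash : "#";
}
```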
