Version 3.4.1

bootstrap-sass

bootstrap-sass is a Sass-powered version of Bootstrap 3, ready to drop right into your Sass-powered applications.

Install Instructions

gem install bootstrap-sass

Current Version Release Date: February 13, 2019
Language: Ruby
Package URL (purl): pkg:gem/bootstrap-sass@3.4.1


bootstrap-sass Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
|---|---|---|---|---|---|
| CVE-2016-10735 | Medium 6.1 | CWE-79 | 0.00133 | 0.49029 | 3.0.0.0–3.3.7; 2.0.4.0–2.3.2.2 |
| CVE-2018-14040 | Medium 6.1 | CWE-79 | 0.00572 | 0.77823 | 3.0.0.0–3.3.7; 2.3.0.0–2.3.2.2 |
| CVE-2018-14042 | Medium 6.1 | CWE-79 | 0.004 | 0.73323 | 3.0.0.0–3.3.7; 2.3.0.0–2.3.2.2 |
| CVE-2018-20676 | Medium 6.1 | CWE-79 | 0.00153 | 0.52091 | 3.0.0.0–3.3.7; 2.0.0–2.3.2.2; 1.2.0–1.4.4 |
| CVE-2018-20677 | Medium 6.1 | CWE-79 | 0.00259 | 0.64819 | 3.0.0.0–3.3.7; 2.0.0–2.3.2.2; 1.2.0–1.4.4 |
| CVE-2019-8331 | Medium 6.1 | CWE-79 | 0.01324 | 0.85693 | 3.0.0.0–3.4.0 |
| CVE-2024-6484 | Medium 6.4 | CWE-79 | 0.00043 | 0.1094 | 3.0.0.0–3.4.1; 2.0.0–2.3.2.2 |

bootstrap-sass Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2024-6484 | A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. | 3.3.2.0, 2.0.4.0, 3.1.1.1, 3.3.6, 2.0.0, 3.4.0, 3.3.5.1, 2.3.2.2, … | Patch → NO_SAFE_VERSION |
| CVE-2019-8331 | In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | 3.3.2.0, 3.1.1.1, 3.3.6, 3.4.0, 3.3.5.1, 3.0.1.0, 3.1.0.2, 3.0.2.1, … | Patch → NO_SAFE_VERSION |
| CVE-2018-20677 | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | 3.3.2.0, 2.0.4.0, 3.1.1.1, 3.3.6, 2.0.0, 3.3.5.1, 2.3.2.2, 2.3.0.1, … | Patch → NO_SAFE_VERSION |
| CVE-2018-20676 | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | 3.3.2.0, 2.0.4.0, 3.1.1.1, 3.3.6, 2.0.0, 3.3.5.1, 2.3.2.2, 2.3.0.1, … | Patch → NO_SAFE_VERSION |
| CVE-2018-14042 | In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | 3.3.2.0, 3.1.1.1, 3.3.6, 3.3.5.1, 2.3.2.2, 2.3.0.1, 2.3.1.0, 2.3.1.2, … | Patch → NO_SAFE_VERSION |
| CVE-2018-14040 | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | 3.3.2.0, 3.1.1.1, 3.3.6, 3.3.5.1, 2.3.2.2, 2.3.0.1, 2.3.1.0, 2.3.1.2, … | Patch → NO_SAFE_VERSION |
| CVE-2016-10735 | In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | 3.3.2.0, 2.0.4.0, 3.1.1.1, 3.3.6, 3.3.5.1, 2.3.2.2, 2.3.0.1, 2.3.1.0, … | Patch → NO_SAFE_VERSION |


Dependencies

Packages using versions of bootstrap-sass affected by its vulnerabilities

Dependent Packages
  • autoprefixer-rails >= 5.2.1
  • sassc >= 2.0.0