Title: bootstrap-3.3.4.min.js: 6 vulnerabilities (highest severity is: 5.3) [master] · Issue #39 · amaybaum-dev/BenchmarkJava · GitHub
Open Graph Title: bootstrap-3.3.4.min.js: 6 vulnerabilities (highest severity is: 5.3) [master] · Issue #39 · amaybaum-dev/BenchmarkJava
X Title: bootstrap-3.3.4.min.js: 6 vulnerabilities (highest severity is: 5.3) [master] · Issue #39 · amaybaum-dev/BenchmarkJava
Description: 📂 Vulnerable Library - bootstrap-3.3.4.min.js The most popular front-end framework for developing responsive, mobile first projects on the web. Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstra...
Open Graph Description: 📂 Vulnerable Library - bootstrap-3.3.4.min.js The most popular front-end framework for developing responsive, mobile first projects on the web. Library home page: https://cdnjs.cloudflare.com/ajax/...
X Description: 📂 Vulnerable Library - bootstrap-3.3.4.min.js The most popular front-end framework for developing responsive, mobile first projects on the web. Library home page: https://cdnjs.cloudflare.com/ajax/...
Opengraph URL: https://github.com/amaybaum-dev/BenchmarkJava/issues/39
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"bootstrap-3.3.4.min.js: 6 vulnerabilities (highest severity is: 5.3) [master]","articleBody":"\u003cdetails\u003e\n \u003csummary\u003e📂 Vulnerable Library - \u003cstrong\u003ebootstrap-3.3.4.min.js\u003c/strong\u003e\u003c/summary\u003e\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\u003c/details\u003e\n\n\n# Findings\n| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | **Reachability** |\n| ------------- | ------------- | ---- | --- | ----- | ----- | ----- | --- | --- | --- |\n| [ CVE-2016-10735 ](https://www.mend.io/vulnerability-database/CVE-2016-10735) | 🟠 Medium | 5.3 | Not Defined | 2.6000001% | bootstrap-3.3.4.min.js | Direct | bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 4.0.0-beta.2,org.webjars:bootstrap:4.0.0-beta.2 | ❌ | |\n| [ CVE-2018-14040 ](https://www.mend.io/vulnerability-database/CVE-2018-14040) | 🟠 Medium | 5.3 | Not Defined | 3.3% | bootstrap-3.3.4.min.js | Direct | org.webjars:bootstrap:4.1.2,bootstrap - 3.4.0,bootstrap.sass - 4.1.2,org.webjars:bootstrap:3.4.0,bootstrap - 4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 4.1.2 | ❌ | |\n| [ CVE-2018-14042 ](https://www.mend.io/vulnerability-database/CVE-2018-14042) | 🟠 Medium | 5.3 | Not Defined | 3.5% | bootstrap-3.3.4.min.js | Direct | org.webjars:bootstrap:3.4.0,bootstrap.sass - 4.1.2,bootstrap-sass - 3.4.0,org.webjars:bootstrap:4.1.2,bootstrap-sass - 3.4.0,bootstrap - 4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap - 4.1.2,bootstrap - 3.4.0 | ❌ | |\n| [ CVE-2018-20676 ](https://www.mend.io/vulnerability-database/CVE-2018-20676) | 🟠 Medium | 5.3 | Not Defined | 2.7% | bootstrap-3.3.4.min.js | Direct | bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0 | ❌ | |\n| [ CVE-2018-20677 ](https://www.mend.io/vulnerability-database/CVE-2018-20677) | 🟠 Medium | 5.3 | Not Defined | 9.4% | bootstrap-3.3.4.min.js | Direct | bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0 | ❌ | |\n| [ CVE-2019-8331 ](https://www.mend.io/vulnerability-database/CVE-2019-8331) | 🟠 Medium | 5.3 | Not Defined | 2.5% | bootstrap-3.3.4.min.js | Direct | bootstrap-sass - 3.4.1,bootstrap - 4.3.1,org.webjars:bootstrap:4.3.1,bootstrap - 4.3.1,org.webjars:bootstrap:3.4.1,Bootstrap.Less - 3.4.1,bootstrap - 4.3.1,bootstrap-sass - 3.4.1,bootstrap.sass - 4.3.1,bootstrap - 3.4.1,bootstrap - 3.4.1 | ❌ | |\n\n\n# Details\n\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2016-10735\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. Converted from WS-2018-0021, on 2022-11-08.\n\n**Publish Date:** Jan 09, 2019 05:00 AM\n\n**URL:** [ CVE-2016-10735 ](https://www.mend.io/vulnerability-database/CVE-2016-10735)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:2.6000001%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-4p24-vmcr-4gqj\n\n**Release Date:** Jan 09, 2019 05:00 AM\n\n**Fix Resolution :** bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 4.0.0-beta.2,org.webjars:bootstrap:4.0.0-beta.2\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2018-14040\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.\n\n**Publish Date:** Jul 13, 2018 02:00 PM\n\n**URL:** [ CVE-2018-14040 ](https://www.mend.io/vulnerability-database/CVE-2018-14040)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:3.3%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-3wqf-4x89-9g79\n\n**Release Date:** Jul 13, 2018 02:00 PM\n\n**Fix Resolution :** org.webjars:bootstrap:4.1.2,bootstrap - 3.4.0,bootstrap.sass - 4.1.2,org.webjars:bootstrap:3.4.0,bootstrap - 4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 4.1.2\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2018-14042\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.\n\n**Publish Date:** Jul 13, 2018 02:00 PM\n\n**URL:** [ CVE-2018-14042 ](https://www.mend.io/vulnerability-database/CVE-2018-14042)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:3.5%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-7mvr-5x2g-wfc8\n\n**Release Date:** Jul 13, 2018 02:00 PM\n\n**Fix Resolution :** org.webjars:bootstrap:3.4.0,bootstrap.sass - 4.1.2,bootstrap-sass - 3.4.0,org.webjars:bootstrap:4.1.2,bootstrap-sass - 3.4.0,bootstrap - 4.1.2,bootstrap - 4.1.2,bootstrap - 3.4.0,bootstrap - 4.1.2,bootstrap - 3.4.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2018-20676\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.\n\n**Publish Date:** Jan 09, 2019 05:00 AM\n\n**URL:** [ CVE-2018-20676 ](https://www.mend.io/vulnerability-database/CVE-2018-20676)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:2.7%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-3mgp-fx93-9xv5\n\n**Release Date:** Jan 09, 2019 05:00 AM\n\n**Fix Resolution :** bootstrap - 3.4.0,bootstrap-sass - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap - 3.4.0,bootstrap-sass - 3.4.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2018-20677\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.\n\n**Publish Date:** Jan 09, 2019 05:00 AM\n\n**URL:** [ CVE-2018-20677 ](https://www.mend.io/vulnerability-database/CVE-2018-20677)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:9.4%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-ph58-4vrj-w6hr\n\n**Release Date:** Jan 09, 2019 05:00 AM\n\n**Fix Resolution :** bootstrap - 3.4.0,org.webjars:bootstrap:3.4.0,bootstrap-sass - 3.4.0,bootstrap-sass - 3.4.0,bootstrap - 3.4.0\n\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n \u003csummary\u003e\n 🟠CVE-2019-8331\n \u003c/summary\u003e\n\n### Vulnerable Library - **bootstrap-3.3.4.min.js**\n\nThe most popular front-end framework for developing responsive, mobile first projects on the web.\n\n**Library home page:** [ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js ](https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js)\n\n**Path to dependency file:** /scorecard/Benchmark_v1.1_Scorecard_for_SAST-04.html\n\n**Path to vulnerable library:** /scorecard/content/js/bootstrap.min.js\n\n\n\n**Dependency Hierarchy:**\n\n\n- ❌ **bootstrap-3.3.4.min.js** (Vulnerable Library)\n\n\n\n\n***\n\n### Vulnerability Details\n\nIn Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.\n\n**Publish Date:** Feb 20, 2019 04:00 PM\n\n**URL:** [ CVE-2019-8331 ](https://www.mend.io/vulnerability-database/CVE-2019-8331)\n\n**Threat Assessment**\n\nExploit Maturity:Not Defined\n\nEPSS:2.5%\n\n**Score:** 5.3\n\n\n***\n### Suggested Fix\n\n**Type:** Upgrade version\n\n**Origin:** https://github.com/advisories/GHSA-9v3m-8fp8-mj99\n\n**Release Date:** Feb 20, 2019 04:00 PM\n\n**Fix Resolution :** bootstrap-sass - 3.4.1,bootstrap - 4.3.1,org.webjars:bootstrap:4.3.1,bootstrap - 4.3.1,org.webjars:bootstrap:3.4.1,Bootstrap.Less - 3.4.1,bootstrap - 4.3.1,bootstrap-sass - 3.4.1,bootstrap.sass - 4.3.1,bootstrap - 3.4.1,bootstrap - 3.4.1\n\n\n\u003c/details\u003e\n\n[comment]: \u003c\u003e (\u003cMEND_ISSUE_METADATA\u003e{\"identifier\":\"bootstrap-3.3.4.min.js\",\"repoName\":\"BenchmarkJava\",\"branchName\":\"master\",\"type\":\"SCA_DEP\"}\u003c/MEND_ISSUE_METADATA\u003e)","author":{"url":"https://github.com/mend-developer-platform-dev[bot]","@type":"Person","name":"mend-developer-platform-dev[bot]"},"datePublished":"2025-09-28T05:43:42.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/39/BenchmarkJava/issues/39"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:88e6002e-1ad4-39c9-c49d-c261c38295a0 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | E420:16A191:F2447A:1494390:6A520558 |
| html-safe-nonce | 00a94fabcc86d35509a8c0f466bb660df3f7e8e3ecf032ff5295d555c48c7f3c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFNDIwOjE2QTE5MTpGMjQ0N0E6MTQ5NDM5MDo2QTUyMDU1OCIsInZpc2l0b3JfaWQiOiI3NDg3ODYxOTg0MzgzMzM3ODE2IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 0cb75d4f81649ec9172c6304f59da5d4287e1358b0f8a3757994d20d852f73b3 |
| hovercard-subject-tag | issue:3461119546 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/amaybaum-dev/BenchmarkJava/39/issue_layout |
| twitter:image | https://opengraph.githubassets.com/78e1391d22aed9ffc91142cea02c77b404f9afb3ce33f0bb3e662faeb7f70bae/amaybaum-dev/BenchmarkJava/issues/39 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/78e1391d22aed9ffc91142cea02c77b404f9afb3ce33f0bb3e662faeb7f70bae/amaybaum-dev/BenchmarkJava/issues/39 |
| og:image:alt | 📂 Vulnerable Library - bootstrap-3.3.4.min.js The most popular front-end framework for developing responsive, mobile first projects on the web. Library home page: https://cdnjs.cloudflare.com/ajax/... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | mend-developer-platform-dev[bot] |
| hostname | github.com |
| expected-hostname | github.com |
| None | b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb |
| turbo-cache-control | no-preview |
| go-import | github.com/amaybaum-dev/BenchmarkJava git https://github.com/amaybaum-dev/BenchmarkJava.git |
| octolytics-dimension-user_id | 29013484 |
| octolytics-dimension-user_login | amaybaum-dev |
| octolytics-dimension-repository_id | 619308890 |
| octolytics-dimension-repository_nwo | amaybaum-dev/BenchmarkJava |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 33565372 |
| octolytics-dimension-repository_parent_nwo | OWASP-Benchmark/BenchmarkJava |
| octolytics-dimension-repository_network_root_id | 33565372 |
| octolytics-dimension-repository_network_root_nwo | OWASP-Benchmark/BenchmarkJava |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 7aed05249554b889eb33d002851a973eebcc7e91 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width