Title: CVE-2018-20677 (Medium) detected in bootstrap-3.3.6.jar · Issue #10 · jinhogate/JavaWebApplicationStepByStep · GitHub
Open Graph Title: CVE-2018-20677 (Medium) detected in bootstrap-3.3.6.jar · Issue #10 · jinhogate/JavaWebApplicationStepByStep
X Title: CVE-2018-20677 (Medium) detected in bootstrap-3.3.6.jar · Issue #10 · jinhogate/JavaWebApplicationStepByStep
Description: CVE-2018-20677 - Medium Severity Vulnerability Vulnerable Library - bootstrap-3.3.6.jar WebJar for Bootstrap Library home page: http://webjars.org Path to dependency file: /pom.xml Path to vulnerable library: /jars/bootstrap/3.3.6/bootst...
Open Graph Description: CVE-2018-20677 - Medium Severity Vulnerability Vulnerable Library - bootstrap-3.3.6.jar WebJar for Bootstrap Library home page: http://webjars.org Path to dependency file: /pom.xml Path to vulnerab...
X Description: CVE-2018-20677 - Medium Severity Vulnerability Vulnerable Library - bootstrap-3.3.6.jar WebJar for Bootstrap Library home page: http://webjars.org Path to dependency file: /pom.xml Path to vulnerab...
Opengraph URL: https://github.com/jinhogate/JavaWebApplicationStepByStep/issues/10
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2018-20677 (Medium) detected in bootstrap-3.3.6.jar","articleBody":"## CVE-2018-20677 - Medium Severity Vulnerability\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20\u003e Vulnerable Library - \u003cb\u003ebootstrap-3.3.6.jar\u003c/b\u003e\u003c/p\u003e\u003c/summary\u003e\n\n\u003cp\u003eWebJar for Bootstrap\u003c/p\u003e\n\u003cp\u003eLibrary home page: \u003ca href=\"http://webjars.org\"\u003ehttp://webjars.org\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePath to dependency file: /pom.xml\u003c/p\u003e\n\u003cp\u003ePath to vulnerable library: /jars/bootstrap/3.3.6/bootstrap-3.3.6.jar,/target/in28Minutes-first-webapp-0.0.1-SNAPSHOT/WEB-INF/lib/bootstrap-3.3.6.jar\u003c/p\u003e\n\u003cp\u003e\n\nDependency Hierarchy:\n - :x: **bootstrap-3.3.6.jar** (Vulnerable Library)\n\u003cp\u003eFound in HEAD commit: \u003ca href=\"https://github.com/jinhogate/JavaWebApplicationStepByStep/commit/1a40de2ada6c57268647b35fd533fc5f5ecdbfb3\"\u003e1a40de2ada6c57268647b35fd533fc5f5ecdbfb3\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFound in base branch: \u003cb\u003emaster\u003c/b\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png' width=19 height=20\u003e Vulnerability Details\u003c/summary\u003e\n\u003cp\u003e \n \nIn Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.\n\n\u003cp\u003ePublish Date: 2019-01-09\n\u003cp\u003eURL: \u003ca href=https://www.mend.io/vulnerability-database/CVE-2018-20677\u003eCVE-2018-20677\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20\u003e CVSS 3 Score Details (\u003cb\u003e6.1\u003c/b\u003e)\u003c/summary\u003e\n\u003cp\u003e\n\nBase Score Metrics:\n- Exploitability Metrics:\n - Attack Vector: Network\n - Attack Complexity: Low\n - Privileges Required: None\n - User Interaction: Required\n - Scope: Changed\n- Impact Metrics:\n - Confidentiality Impact: Low\n - Integrity Impact: Low\n - Availability Impact: None\n\u003c/p\u003e\nFor more information on CVSS3 Scores, click \u003ca href=\"https://www.first.org/cvss/calculator/3.0\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20\u003e Suggested Fix\u003c/summary\u003e\n\u003cp\u003e\n\n\u003cp\u003eType: Upgrade version\u003c/p\u003e\n\u003cp\u003eOrigin: \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677\"\u003ehttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eRelease Date: 2019-01-09\u003c/p\u003e\n\u003cp\u003eFix Resolution: 3.4.0\u003c/p\u003e\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\n***\nStep up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)","author":{"url":"https://github.com/mend-bolt-for-github[bot]","@type":"Person","name":"mend-bolt-for-github[bot]"},"datePublished":"2023-01-06T01:41:48.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/10/JavaWebApplicationStepByStep/issues/10"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:f0c52495-caae-2570-87f5-7b3b1e8c2703 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | ED1E:33CCD4:22381F:2E749A:6A5A6C3B |
| html-safe-nonce | 5cc1d98dc80bc5ee52e03c8ce7f5c5f269eba53a82fe59758dd4e4b5956525ae |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFRDFFOjMzQ0NENDoyMjM4MUY6MkU3NDlBOjZBNUE2QzNCIiwidmlzaXRvcl9pZCI6IjcwODcxOTAxODQ3NjE2NTAyMzUiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | a732867f78648d428422f7737e5d11787f8643e3034ae1d3c8f61ec420c39873 |
| hovercard-subject-tag | issue:1521730429 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/jinhogate/JavaWebApplicationStepByStep/10/issue_layout |
| twitter:image | https://opengraph.githubassets.com/98b976c4d5b61ce09073f31361c1744c7f7e31f8be9f100ab4737e9eb34375ad/jinhogate/JavaWebApplicationStepByStep/issues/10 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/98b976c4d5b61ce09073f31361c1744c7f7e31f8be9f100ab4737e9eb34375ad/jinhogate/JavaWebApplicationStepByStep/issues/10 |
| og:image:alt | CVE-2018-20677 - Medium Severity Vulnerability Vulnerable Library - bootstrap-3.3.6.jar WebJar for Bootstrap Library home page: http://webjars.org Path to dependency file: /pom.xml Path to vulnerab... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | mend-bolt-for-github[bot] |
| hostname | github.com |
| expected-hostname | github.com |
| None | 922bdba685ea48400234d557977f0e32d9adbae6f5125725b4f48cacc6801106 |
| turbo-cache-control | no-preview |
| go-import | github.com/jinhogate/JavaWebApplicationStepByStep git https://github.com/jinhogate/JavaWebApplicationStepByStep.git |
| octolytics-dimension-user_id | 43167955 |
| octolytics-dimension-user_login | jinhogate |
| octolytics-dimension-repository_id | 369470780 |
| octolytics-dimension-repository_nwo | jinhogate/JavaWebApplicationStepByStep |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 48418633 |
| octolytics-dimension-repository_parent_nwo | in28minutes/JavaWebApplicationStepByStep |
| octolytics-dimension-repository_network_root_id | 48418633 |
| octolytics-dimension-repository_network_root_nwo | in28minutes/JavaWebApplicationStepByStep |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 03575fc589c0e2692de839d7ca2b3aa5b5179f52 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width