René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2016-10735 (Medium) detected in bootstrap-3.3.6.jar","articleBody":"## CVE-2016-10735 - Medium Severity Vulnerability\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20\u003e Vulnerable Library - \u003cb\u003ebootstrap-3.3.6.jar\u003c/b\u003e\u003c/summary\u003e\n\n\u003cp\u003eWebJar for Bootstrap\u003c/p\u003e\n\u003cp\u003eLibrary home page: \u003ca href=\"http://webjars.org\"\u003ehttp://webjars.org\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePath to dependency file: /pom.xml\u003c/p\u003e\n\u003cp\u003ePath to vulnerable library: /jars/bootstrap/3.3.6/bootstrap-3.3.6.jar,/target/in28Minutes-first-webapp-0.0.1-SNAPSHOT/WEB-INF/lib/bootstrap-3.3.6.jar\u003c/p\u003e\n\u003cp\u003e\n\nDependency Hierarchy:\n  - :x: **bootstrap-3.3.6.jar** (Vulnerable Library)\n\u003cp\u003eFound in base branch: \u003cb\u003emaster\u003c/b\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20\u003e Vulnerability Details\u003c/summary\u003e\n\u003cp\u003e  \n  \nIn Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. Converted from WS-2018-0021, on 2022-11-08.\n Mend Note: The description of this vulnerability differs from MITRE. \n\n\u003cp\u003ePublish Date: 2019-01-09\n\u003cp\u003eURL: \u003ca href=https://www.mend.io/vulnerability-database/CVE-2016-10735\u003eCVE-2016-10735\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20\u003e CVSS 3 Score Details (\u003cb\u003e6.1\u003c/b\u003e)\u003c/summary\u003e\n\u003cp\u003e\n\nBase Score Metrics:\n- Exploitability Metrics:\n  - Attack Vector: Network\n  - Attack Complexity: Low\n  - Privileges Required: None\n  - User Interaction: Required\n  - Scope: Changed\n- Impact Metrics:\n  - Confidentiality Impact: Low\n  - Integrity Impact: Low\n  - Availability Impact: None\n\u003c/p\u003e\nFor more information on CVSS3 Scores, click \u003ca href=\"https://www.first.org/cvss/calculator/3.0\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20\u003e Suggested Fix\u003c/summary\u003e\n\u003cp\u003e\n\n\u003cp\u003eType: Upgrade version\u003c/p\u003e\n\u003cp\u003eOrigin: \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735\"\u003ehttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eRelease Date: 2019-01-09\u003c/p\u003e\n\u003cp\u003eFix Resolution: 3.4.0\u003c/p\u003e\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\n***\nStep up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)","author":{"url":"https://github.com/mend-bolt-for-github[bot]","@type":"Person","name":"mend-bolt-for-github[bot]"},"datePublished":"2024-03-13T20:15:27.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/20/JavaWebApplicationStepByStep/issues/20"}