Moderate severityOSV Advisory· Published Jan 9, 2019· Updated Aug 5, 2024
CVE-2018-20676
CVE-2018-20676
Description
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bootstrapnpm | < 3.4.0 | 3.4.0 |
bootstrap-sassnpm | < 3.4.0 | 3.4.0 |
twbs/bootstrapPackagist | < 3.4.0 | 3.4.0 |
org.webjars:bootstrapMaven | < 3.4.0 | 3.4.0 |
bootstrapRubyGems | < 3.4.0 | 3.4.0 |
bootstrap-sassRubyGems | < 3.4.0 | 3.4.0 |
bootstrapNuGet | < 3.4.0 | 3.4.0 |
Affected products
49- osv-coords48 versionspkg:apk/chainguard/grafana-10.4pkg:apk/chainguard/grafana-10.4-oci-compatpkg:apk/chainguard/grafana-11.2pkg:apk/chainguard/grafana-11.2-oci-compatpkg:apk/chainguard/grafana-11.3pkg:apk/chainguard/grafana-11.3-oci-compatpkg:apk/chainguard/grafana-11.4pkg:apk/chainguard/grafana-11.4-oci-compatpkg:apk/chainguard/grafana-11.5pkg:apk/chainguard/grafana-11.5-oci-compatpkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-11.6-oci-compatpkg:apk/chainguard/grafana-fips-11.2pkg:apk/chainguard/grafana-fips-11.2-oci-compatpkg:apk/chainguard/grafana-fips-11.3pkg:apk/chainguard/grafana-fips-11.3-oci-compatpkg:apk/chainguard/grafana-fips-11.4pkg:apk/chainguard/grafana-fips-11.4-oci-compatpkg:apk/chainguard/grafana-fips-11.5pkg:apk/chainguard/grafana-fips-11.5-oci-compatpkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-11.6-oci-compatpkg:apk/wolfi/grafana-10.4pkg:apk/wolfi/grafana-11.2pkg:apk/wolfi/grafana-11.2-oci-compatpkg:apk/wolfi/grafana-11.3pkg:apk/wolfi/grafana-11.3-oci-compatpkg:apk/wolfi/grafana-11.4pkg:apk/wolfi/grafana-11.4-oci-compatpkg:apk/wolfi/grafana-11.5pkg:apk/wolfi/grafana-11.5-oci-compatpkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-11.6-oci-compatpkg:composer/twbs/bootstrappkg:gem/bootstrappkg:gem/bootstrap-sasspkg:maven/org.webjars/bootstrappkg:npm/bootstrappkg:npm/bootstrap-sasspkg:nuget/bootstrappkg:rpm/almalinux/custodiapkg:rpm/almalinux/python3-custodiapkg:rpm/almalinux/python3-jwcryptopkg:rpm/almalinux/python3-kdcproxypkg:rpm/almalinux/python3-pyusbpkg:rpm/almalinux/python3-qrcodepkg:rpm/almalinux/python3-qrcode-corepkg:rpm/almalinux/python3-yubico
< 10.4.19.01-r4+ 47 more
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 3.4.0
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.5.0-1.module_el8.5.0+2641+983b221b
- (no CPE)range: < 0.4-5.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 1.0.0-9.module_el8.5.0+2641+983b221b
- (no CPE)range: < 5.1-12.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 5.1-12.module_el8.6.0+2737+7e73ea90
- (no CPE)range: < 1.3.2-9.module_el8.5.0+2641+983b221b
Patches
Vulnerability mechanics
References
20- access.redhat.com/errata/RHBA-2019:1076ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHBA-2019:1570ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:1456ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3023ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0132ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0133ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-3mgp-fx93-9xv5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20676ghsaADVISORY
- blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0ghsaWEB
- blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/mitrex_refsource_MISC
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.ymlghsaWEB
- github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609dghsaWEB
- github.com/twbs/bootstrap/issues/27044ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/issues/27915ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/issues/27915ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/pull/27047ghsax_refsource_MISCWEB
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3EghsaWEB
- www.tenable.com/security/tns-2021-14mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.