1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1084060: twitter-bootstrap3: CVE-2024-6484 CVE-2024-6485

    From Sylvain Beucler@21:1/5 to jmm@inutil.org on Wed Apr 9 11:40:04 2025
    Hi,

    On Fri, 4 Oct 2024 17:19:21 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm@inutil.org> wrote:
    CVE-2024-6485[1]:
    | A security vulnerability has been discovered in bootstrap that could
    | enable Cross-Site Scripting (XSS) attacks. The vulnerability is
    | associated with the data-loading-text attribute within the button
    | plugin. This vulnerability can be exploited by injecting malicious
    | JavaScript code into the attribute, which would then be executed
    | when the button's loading state is triggered.

    https://www.herodevs.com/vulnerability-directory/cve-2024-6485
    Possible fix for CVE-2024-6485 (not CVE-2024-6484) in a bootstrap3 fork: https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
    (thanks Bastien for the pointer)

    WDYT?

    Cheers!
    Sylvain Beucler
    Debian LTS Team

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)