bootstrap 4.0.0.beta2

5 security vulnerabilities found in version 4.0.0.beta2

XSS vulnerability in bootstrap

medium severity CVE-2019-8331
medium severity CVE-2019-8331
Patched versions: >= 4.3.1

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Bootstrap Cross-site Scripting vulnerability

medium severity CVE-2018-14042
medium severity CVE-2018-14042
Patched versions: >= 4.1.2

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

Bootstrap vulnerable to Cross-Site Scripting (XSS)

medium severity CVE-2018-14041
medium severity CVE-2018-14041
Patched versions: >= 4.1.2

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

XSS vulnerabilities via data-parent, data-target, data-container in bootstrap

medium severity CVE-2018-14040
medium severity CVE-2018-14040
Patched versions: >= 4.1.2

In Bootstrap before 4.1.2, XSS is possible in collapse data-parent attribute (CVE-2018-14040), data-target property of scrollspy (CVE-2018-14041), data-container property of tooltip (CVE-2018-14042)

XSS vulnerability via data-target in bootstrap

medium severity CVE-2016-10735
medium severity CVE-2016-10735
Patched versions: >= 4.0.0.pre.beta.2

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.