twitter-bootstrap-rails 4.0.0
twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)
medium severity, CVE-2019-8331
The seyhunak/twitter-bootstrap-rails gem includes a vendored version of the Bootstrap JavaScript library.
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
The most recent version of this gem, 5.0.0, includes Bootstrap v3.3.6. All versions of Bootstrap before v3.4.1 are affected by this vulnerability. All versions of this gem are affected.
Workarounds
Until this gem is updated to use Bootstrap v3.4.1, users can replace it with the official Twitter-maintained gems, bootstrap-sass (version 3.4.1) or bootstrap (Bootstrap 4 and 5).
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leak issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.