Potential XSS issues in npm-bootstrap < 3.4.0

Bug #1812273 reported by Galen Charlton
Affects: Evergreen
Status: New
Importance: Low
Assigned to: Unassigned

Bug Description

An automated GitHub repository alert looking at package.json for the AngularJS staff client came in recommending upgrading to bootstrap ~> 3.4.0.

Based on a look at https://snyk.io/vuln/npm:bootstrap, none of the specific XSS vulnerabilities appear to be reachable in Evergreen, so I'm marking this as a public security bug rather than initially as a private one. Worth updating, of course.

Tags: bootstrap
Galen Charlton (gmc)
no longer affects: opensrf
Changed in evergreen:
importance: Undecided → Low
tags: added: bootstrap
Jane Sandberg (sandbergja) wrote :

This is fixed in the patch linked in bug 1992529, so I am marking it as a duplicate.

This report contains Public Security information  
Everyone can see this security related information.
