I too am entirely out of my comfort zone with Javascript, so my level of certainty is low, based solely on the text of CVE-2019-8331 which says (all?) Bootstrap versions prior to 3.4.1 are affected. I also did not check the rdepends for python3-xstatic-bootstrap-scss in Ubuntu and perhaps incorrectly assumed it might be used by more packages or by unpackaged software on people's systems.
I'll continue trying to get one of the Horizon developers to provide input on this report... I am but a humble vulnerability coordinator in this particular case, far from being a subject matter expert on the software.
I too am entirely out of my comfort zone with Javascript, so my level of certainty is low, based solely on the text of CVE-2019-8331 which says (all?) Bootstrap versions prior to 3.4.1 are affected. I also did not check the rdepends for python3- xstatic- bootstrap- scss in Ubuntu and perhaps incorrectly assumed it might be used by more packages or by unpackaged software on people's systems.
I'll continue trying to get one of the Horizon developers to provide input on this report... I am but a humble vulnerability coordinator in this particular case, far from being a subject matter expert on the software.