CVE-2021-23472 — Type Confusion in Bootstrap Table

CWE-843 — Type Confusion CWE-79 — Cross-site Scripting4 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 31.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bootstrap-table Bootstrap Table

Timeline

PublishedNov 3

Latest updateNov 8

Description

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDbootstrap-table/bootstrap_table< 1.19.1

Patches

Patch: security.snyk.io ↗Patch: security.snyk.io ↗

🔴Vulnerability Details

OSV

Cross-site Scripting in bootstrap-table↗2021-11-08

▶

GHSA

Cross-site Scripting in bootstrap-table↗2021-11-08

▶

OSV

CVE-2021-23472: This affects versions before 1↗2021-11-03

▶