Malicious code in bootstrap-sass-official (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad2a7bd842611f44470a65604ac8bbe370ada242710bfe735059883033b680cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1832 Malicious code in bootstrap-sass-official (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad2a7bd842611f44470a65604ac8bbe370ada242710bfe735059883033b680cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview bootstrap-sass-official is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

SUSE CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

Malicious Package

simplecaptcha2 is a malicious package. The package contains a backdoor similar to the bootstrap-sass malware, as seen in simplecaptcha2-0.2.3/lib/simplecaptcha/middleware.rb...

Malicious Package

datagrid is a malicious package. The package contains a backdoor similar to the bootstrap-sass malware, as seen in datagrid-1.0.6/lib/datagrid/drivers/abstractdriver.rb...

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

Malicious Package

bootstrap-sass, version 3.2.0.3, is a malicious package. The vulnerability exists through a backdoor in lib/active-controller/middleware.rb in the value of the malicious cfduid cookie that is used in the eval function, causing arbitrary code execution attacks...

Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

GHSA-VQQV-V9M2-48P2 Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

CVE-2019-10842

CVE-2019-10842 describes an arbitrary code execution backdoor in bootstrap-sass 3.2.0.3 when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64-encoded code to be executed via eval(), enabling remote code execution on the target system. The ...

Remote code execution in bootstrap-sass

Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4 An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...

@agorize/gommette (>=1.4.1 <=1.4.2), @antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta) +154 more potentially affected by CVE-2019-8331 via bootstrap-sass (>=3.1.1 <=3.4.0)

bootstrap-sass NPM version =3.1.1, =1.4.1, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

Moderate severity vulnerability that affects bootstrap and bootstrap-sass

In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/...

twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)

The seyhunak/twitter-bootstrap-rails gem includes a vendored version of the Bootstrap JavaScript library. In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. The most recent version of this gem, 5.0.0, includes Bootstrap v 3.3.6. Al...

@antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta), @antistatique/retraitespopulaires-styleguide (>=0.0.1 <=1.8.4) +153 more potentially affected by CVE-2018-20677 via bootstrap-sass (>=2.3.2 <=3.3.7)

bootstrap-sass NPM version =2.3.2, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 - @opuscapita/oc-common-ui =8.3.3 and more Source cves: CVE-2018-20677 Source advisory: OSV:GHSA-PH58-4VRJ-W6HR...