[Pkg-javascript-devel] Bug#1055612: libjs-bootbox: CVE-2023-46998
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 8 21:10:15 GMT 2023
Source: libjs-bootbox
Version: 5.5.3~ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/bootboxjs/bootbox/issues/661
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libjs-bootbox.
CVE-2023-46998[0]:
| Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2
| through 6.0 allows a remote attacker to execute arbitrary code via a
| crafted payload to alert(), confirm(), prompt() functions.
At time of writing, there is no upstream fix for this issue. Cf. as
well [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-46998
https://www.cve.org/CVERecord?id=CVE-2023-46998
[1] https://github.com/bootboxjs/bootbox/issues/661
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list