Add CVE-2019-8331 for bootstrap-sass (#387)

reynhout · reedloden · commit a4b1ed81d24a · 2019-04-19T10:56:00.000-07:00
diff --git a/gems/bootstrap-sass/CVE-2019-8331.yml b/gems/bootstrap-sass/CVE-2019-8331.yml
@@ -0,0 +1,20 @@
+---
+gem: bootstrap-sass
+cve: 2019-8331
+url: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
+title: XSS vulnerability in bootstrap-sass
+date: 2019-02-15
+
+description: |
+  In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible
+  in the tooltip or popover data-template attribute.
+
+cvss_v2: 4.3
+cvss_v3: 6.1
+
+patched_versions:
+  - '>= 3.4.1'
+
+related:
+  url:
+    - https://github.com/twbs/bootstrap-sass/releases/tag/v3.4.1
