CVE-2023-46998 from 3.2.0 to 6.0.0 | Fix Plan #855

Open
Lam1109 opened this issue Jun 7, 2024 · 2 comments

Lam1109 commented Jun 7, 2024

Dear Bootbox development community,

May I know if we have any plan to fix CVE-2023-46998? And may I know the ETA of the new release?

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

Appreciate your feedback.

Member

tiesont commented Jun 8, 2024

No, no plans at the moment. Frankly, I consider it out of scope for Bootbox.

That being said, at some point we'll probably rewrite the core of Bootbox to use only plain JavaScript (to remove our jQuery dependency) but there's no roadmap for that either. That work would probably address most of the issues noted in that advisory.

Member

tiesont commented Jun 8, 2024

Also: #661
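
A caller-side mitigation for the issue described in this thread, as an added example that is not part of the original issue and not Bootbox project code: encode untrusted values before they reach `alert()`, `confirm()` or `prompt()`. It assumes that Bootbox renders the `message` and `title` options as HTML; `escapeHtml`, `safeHtml`, `encodeDialogText` and the sample input are names and values made up for this example.

```javascript
// Added example, not Bootbox project code. Assumption: Bootbox renders the
// `message` and `title` options as HTML, so untrusted text must be encoded.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode the characters that can start a tag, an attribute value or an entity.
// One pass over the input, so '&' produced by the encoding is never re-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template for dialogs that need markup: the literal parts are trusted
// markup written by the developer, every interpolated value is encoded.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// For plain-text dialogs: return a copy of the options with the text fields
// encoded. Other options (callbacks, size, buttons) pass through unchanged.
function encodeDialogText(options) {
  const copy = { ...options };
  for (const field of ['title', 'message']) {
    if (typeof copy[field] === 'string') copy[field] = escapeHtml(copy[field]);
  }
  return copy;
}

// Constructed sample input standing in for a value taken from a request.
const untrustedName = '<img src=x onerror="alert(1)">';

// Run only where Bootbox is loaded (a browser page).
if (typeof bootbox !== 'undefined') {
  bootbox.alert(encodeDialogText({ title: 'Welcome', message: untrustedName }));
  bootbox.alert(safeHtml`<strong>Hello</strong> ${untrustedName}`);
}
```

Use `encodeDialogText` or `safeHtml` on a given string, not both, since applying both encodes the value twice and the dialog then shows the entity text.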
