Bootstrap 3.4.1 In SP Pagebuilder Causing Security Audit Error.
Vince Murphy
Hi, One of my sites is failing a security audit due to use of bootstrap 3.4.1 in pagebuilder. I had this issue before when version 3.2 was used (see https://www.joomshaper.com/forum/question/24277). The patch moved things to 3.4.1 but now I'm having a reported problem with that version. The security report shows:
Description The identified library bootstrap, version 3.4.1 is vulnerable. Solution Please upgrade to the latest version of bootstrap. Instances 1 of 1 uri: https://www.cfgrenville.ca/components/com_sppagebuilder/assets/js/sppagebuilder.js?2cf0875e1daf356bc4e64c053e7a4150 method: GET evidence: this.close)};i.VERSION"3.4.1",i.prototype.close otherinfo: CVE20246484 References https://nvd.nist.gov/vuln/detail/CVE20246484 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE20246484.yml https://www.herodevs.com/vulnerability-directory/cve-20246484 https://github.com/twbs/bootstrap https://github.com/twbs/bootstrap/issues/20631 https://github.com/advisories/GHSA9mvj-f7w8-pvh2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE20246484.yml
Is there anything I can do to resolve this. I'm running Joomla 5.2.2, Pagebuilder 5.4.4, template: Shaper_helixultimate, php 8.2.
Any suggestions greatly appreciated.
Cheers...Vince
Toufiq
Accepted AnswerHi there,
Thank you for reaching out, and I apologize for any inconvenience caused by this oversight. Please allow me time. I will get back to you soon.
Best regards,
Toufiqur Rahman (Team Lead, Support)
Vince Murphy
Accepted AnswerHi, Wondering if there has been any update on this issue?
Thanks...Vince