From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Thu, 10 Apr 2025 23:36:04 +0200
Subject: CVE-2024-6484

Fix this vulnerability by checking before calling if the target is a carousel
and disabling further event calling if not

origin: backport, https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077
bug: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084060
---
 js/carousel.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/carousel.js b/js/carousel.js
index a5fcac3..058d3d3 100644
--- a/js/carousel.js
+++ b/js/carousel.js
@@ -217,7 +217,7 @@
     var target  = $this.attr('data-target') || href
     var $target = $(document).find(target)
 
-    if (!$target.hasClass('carousel')) return
+    if (!$target.hasClass('carousel')) return false;
 
     var options = $.extend({}, $target.data(), $this.data())
     var slideIndex = $this.attr('data-slide-to')