From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Thu, 10 Apr 2025 23:36:04 +0200
Subject: CVE-2024-6484
Fix this vulnerability by checking, before calling, whether the target is a carousel,
and by disabling further event calling if it is not
origin: backport, https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077
bug: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084060
---
js/carousel.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/carousel.js b/js/carousel.js
index a5fcac3..058d3d3 100644
--- a/js/carousel.js
+++ b/js/carousel.js
@@ -217,7 +217,7 @@
var target = $this.attr('data-target') || href
var $target = $(document).find(target)
- if (!$target.hasClass('carousel')) return
+ if (!$target.hasClass('carousel')) return false;
var options = $.extend({}, $target.data(), $this.data())
var slideIndex = $this.attr('data-slide-to')
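Review bot: The new `return false;` relies on jQuery's implicit rule that a handler returning false calls both `preventDefault()` and `stopPropagation()`, and nothing on the line says that this is the security-relevant part of the CVE-2024-6484 fix. A comment such as `// not a carousel: cancel the click so the element's default action never runs (CVE-2024-6484)` would keep a later cleanup from turning it back into a bare `return`. The trailing semicolon is also out of step with the semicolon-free lines around it. Because propagation is stopped as well, other click handlers further up the DOM will presumably no longer see clicks on these elements when the target is not a carousel, which is worth a regression test. The handler starts and ends outside the hunk, so its binding and any later `preventDefault()` call are not visible here.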