bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the
Upgrade to version 2.0.0-rc.12 or later.
- (GitHub Issue)[https://github.com/bootstrap-vue/bootstrap-vue/issues/1974]
publishedAdvisory PublishedJan 16th, 2019
reportedReported by Grover Sean ReyesJan 16th, 2019