Bootstrap package upgrade for vulnerability issue

[irenewhlee]

Hi,

I sent an email to "security@encode.io" to report a vulnerability issue two weeks ago with followup and received no reply so far. Please could you help check? The subject of my email is "django-rest-framework vulnerability issue with bootstrap 3.4.1". Thank you.

[tomchristie]

Your message was / has been flagged as attention spamming.

[auvipy]

sorry, mistakenly clicked the button!

[tomchristie]

Refs: CVE-2024-6484

The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of a tag due to inadequate sanitization.

These elements are not used within the browsable API.

Let's continue any conversation on #7327.

[irenewhlee]

Thanks for the link I will check #7327 for updates from now on.