Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. Introduced By: https://github.com/bassjobsen/Bootstrap-3-Typeahead/commit/dbd1af5b
Acknowledgments: Name: Junqi Zhao (Red Hat)
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.2 Via RHSA-2019:3771 https://access.redhat.com/errata/RHSA-2019:3771
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10215