Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
Name: Junqi Zhao (Red Hat)
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.2
Via RHSA-2019:3771 https://access.redhat.com/errata/RHSA-2019:3771
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):