Security Advisories

CGA-p633-c53m-6m8c

Published

Last updated

https://images.chainguard.dev/security/CGA-p633-c53m-6m8c
Package

grafana-11.2

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2016-10735
  • GHSA-4p24-vmcr-4gqj

Severity

6.1

Medium

CVSS CVSS_V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2016-10735

Updates

Status

Pending upstream fix

Impact

Grafana project maintainers claim the bootstrap library is now only there to support Angular plugins that still use it. Angular is planned to be removed as part of the Grafana 12 release, as tracked here: https://github.com/grafana/grafana/issues/95822 Until then this library is required. However, since the release of Grafana v11, the angular_support_enabled configuration parameter, which controls support for AngularJS-based plugins, is set to false by default, as seen here: https://github.com/grafana/grafana/blob/9225f4a1cbd1cfe8b69f1aa2d62309a9700533a5/conf/defaults.ini#L401 The bootstrap vulnerability exposure is entirely controlled by the configuration and use cases determined by the user.
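One way to check a deployment for the setting described above. This is an added example, not code from Chainguard or the Grafana project. It assumes the key sits in the [security] section and can be overridden through Grafana's GF_<SECTION>_<KEY> environment variable convention; the function name, the accepted boolean spellings and both sample configurations are constructed for illustration.

```python
import configparser

SECTION, KEY = "security", "angular_support_enabled"
# Assumption: Grafana's GF_<SECTION>_<KEY> environment override for this key.
ENV_VAR = "GF_SECURITY_ANGULAR_SUPPORT_ENABLED"
# Assumption: spellings treated as "true"; anything else counts as false.
TRUTHY = {"1", "t", "true", "y", "yes", "on"}

# Constructed sample: operator explicitly re-enabled AngularJS plugin support.
SAMPLE_EXPLICIT = """\
app_mode = production

[security]
admin_user = admin
angular_support_enabled = true
"""

# Constructed sample: the key is only present as a commented-out line.
SAMPLE_COMMENTED = """\
app_mode = production

[security]
;angular_support_enabled = true
"""


def angular_support(ini_text, env):
    """Return (enabled, source) for the effective angular_support_enabled value.

    Precedence: environment override, then config file, then the v11+
    default of false that the advisory refers to.
    """
    if ENV_VAR in env:
        return env[ENV_VAR].strip().lower() in TRUTHY, "env"
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Grafana ini files may start with keys outside any section, which
    # configparser rejects; park them under a dummy section header.
    parser.read_string("[__root__]\n" + ini_text)
    if parser.has_option(SECTION, KEY):
        return parser.get(SECTION, KEY).strip().lower() in TRUTHY, "file"
    return False, "default"


if __name__ == "__main__":
    for name, text in (("explicit", SAMPLE_EXPLICIT), ("commented", SAMPLE_COMMENTED)):
        enabled, source = angular_support(text, {})
        print(f"{name}: angular_support_enabled={enabled} (from {source})")
```

A result of `(True, ...)` means the deployment has opted back in to AngularJS plugin support and the bootstrap exposure described in this advisory applies to it.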

