6.1
CVSS V3
Status
Impact
Grafana project maintainers claim the bootstrap lib is only there now to support Angular plugins that still use them. Angular is planned to be removed as a part of the Grafana 12 release. Until then this library is required. However, since the release of Grafana v11, the angular_support_enabled configuration parameter to inherently support for AngularJS based plugins is set to false by default. The bootstrap vulnerability exposure is entirely controlled by the configuration and use cases determined by the user