Bootstrap vulnerabilities


I have a question about bootstrap vulnerabilities.

In bootstrap versions below 4.1.2, these 3 vulnerabilities have been found:

We are using Kibana as part of our solution and when digging into the files we saw that Kibana contains references to bootstrap version 3.1.1. (e.g. link rel="stylesheet" href="").

However when checking the source files in the browser (when running the project) we can't find bootstrap.css or bootstrap.min.css.

I saw on an older thread that you are migrating the bootstrap code to one of your own:

My question is - is Kibana affected by those 3 vulnerabilities? We are a bit confused as to whether or not Kibana uses the relevant code of bootstrap.


Hello, what version of Kibana are you checking? I've looked at the newest release and couldn't find any reference to bootstrap.

Hi Marta,
We are using Kibana 7.8.0.

It looks like all the bootstrap.css references are in this directory:

one example is:

Is there any update on the issue?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.