Homepage

bokeh@0.4.4

Interactive plots and applications in the browser from Python

  • latest version

    3.10.0.dev4

  • latest non vulnerable version

    3.10.0.dev4

  • first published

    12 years ago

  • latest version published

    27 days ago

  • licenses detected

  • View bokeh package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the bokeh package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Origin Validation in WebSockets

    bokeh is an Interactive plots and applications in the browser from Python

    Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the match_host function in the server/util.py file. An attacker can gain unauthorized access to sensitive data or modify visualizations by exploiting flawed hostname validation logic in WebSocket connections.

    Note: This is only exploitable if the server is deployed with an allowlist and the attacker can register a domain that starts with an allowed pattern.

    How to fix Missing Origin Validation in WebSockets?

    Upgrade bokeh to version 3.8.2 or higher.

    [,3.8.2)
    Go back to all versions of this package