PyPI: Bokeh

CVE-2019-11358

Transitive

Safety vulnerability ID: 45294

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 20, 2019 Updated at Jun 29, 2024

Advisory

Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.

Affected package

bokeh

Latest version: 3.4.2

Interactive plots and applications in the browser from Python

Affected versions

Fixed versions

Vulnerability changelog

--------------------
* bugfixes:
- 2259 [component: bokehjs] [widgets] Autocomplete widget not recognizing value change
- 6855 [component: bokehjs] Boxselecttool does not work as expected with gmapplot
- 7699 [component: bokehjs] [webgl] Mixed canvas and webgl glyphs are painted in wrong z-order
- 8103 [component: bokehjs] Rangetool unusable after selection change
- 8828 [component: bokehjs] [widgets] [bug] autocompleteinput widget value attribute does not reflect selection
- 8835 [component: server] [bug] runtimeerror on adding callbacks after rendering
- 8843 [component: bokehjs] [widgets] Bar_color slider not updating
- 8849 [component: examples] [bug] color mapping bug in crossfilter example
- 8853 [bug] exports do not work with firefox webdriver
- 8889 [component: bokehjs] [bug] imageurl selection_glyph raises "typeerror: this.retries is undefined"
- 8895 [component: bokehjs] [bug] customjs callbacks added after initialization do not work
- 8903 [bug] layout accepts name as keyword arg but doesn't pass to underlying objects
- 8909 [component: bokehjs] [widgets] [bug] changing slider widget title property does not update view
* features:
- 4540 [component: bokehjs] [component: server] Slider callback_policy should work for apps
- 6135 [component: bokehjs] Feature request: textures to fill properties?
- 6769 [component: bokehjs] [layout] Legend title
- 8848 [API: plotting] [component: bokehjs] [feature] stacked areas and lines
- 8863 [feature] allow the webdriver timeout to be customized
* tasks:
- 4665 [component: bokehjs] [component: tests] Add missing widget callback integration tests
- 5469 [component: docs] Document that boxzoomtool does not work on gmapplot
- 5918 [component: bokehjs] Touch scroll the page when no tools are active
- 6516 [component: bokehjs] [widgets] add selenium tests for slider and rangeslider
- 6927 [component: bokehjs] Allow reset tool to only emit reset event, and skip built-in reset code
- 7238 [component: docs] Document get_screenshot_as_png better
- 8433 [component: build] Clean up .gitignore files across the repository
- 8496 "warning:bokeh.resources:root_url should end with a /, adding one" spam
- 8571 [component: docs] `scripts/deps.py` does not install phantom_js
- 8861 Create readme to explain server_embed usage
- 8867 [component: docs] Update tile provider example for "mapping geo data" user guide
- 8874 [component: build] Uploading actual releases to conda bokeh/label/dev
- 8875 Hatching/stacking follow on work
- 8876 [component: bokehjs] [component: build] Fix security vulnerabilities reported by npm audit
- 8897 Reference link updated
- 8901 [component: examples] [bug] legend order backwards for stacked area plots
- 8916 [component: docs] Update 1.1.0.rst
- 8930 [component: docs] Docs: fix typo
- 8933 [component: docs] Add release notes for 1.2

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 4.3
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE