| Package | Installed | Affected | Info |
|---|---|---|---|
| bokeh | 1.0.3 | <1.1.0 | Bokeh 1.1.0 updates its NPM dependency 'handlebars' to v4.1.0 to include a security fix. |
| bokeh | 1.0.3 | <3.8.2 | Affected versions of the bokeh package are vulnerable to Cross-Site WebSocket Hijacking due to flawed allowlist hostname matching that permits incomplete Origin validation. The match_host function in src/bokeh/server/util.py uses zip() to compare hostname segments against allowlist patterns and fails to reject hosts that are longer than the configured pattern, allowing attacker-controlled Origins that merely start with an allowlisted host to be treated as trusted. |
| bokeh | 1.0.3 | <1.0.4 | Bokeh before 1.0.4 used a PyYAML version that was vulnerable to CVE-2017-18342. |
| bokeh | 1.0.3 | <2.4.2 | Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes. |
| bokeh | 1.0.3 | <2.4.2 | Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes. |
| bokeh | 1.0.3 | <1.2.0 | Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix. |
| bokeh | 1.0.3 | <1.2.0 | Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes. |
| bokeh | 1.0.3 | <2.4.2 | Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes. |
| bokeh | 1.0.3 | <1.2.0 | Bokeh 1.2.0 updates its NPM dependency 'handlebars' to v4.1.2 to include a security fix. |

.. image:: https://pyup.io/repos/github/leifwalsh/perfume/python-3-shield.svg
   :target: https://pyup.io/repos/github/leifwalsh/perfume/
   :alt: Python 3

.. image:: https://pyup.io/repos/github/leifwalsh/perfume/shield.svg
   :target: https://pyup.io/repos/github/leifwalsh/perfume/
   :alt: Updates