CNNVD-202601-1569 Information

CNNVD ID

CNNVD-202601-1569

Related CVE

CVE-2026-21883

• CNNVD Published: 2026-01-08

Description (Chinese)

bokeh是Bokeh开源的一个数据可视化的Python库。 bokeh 3.8.1及之前版本存在安全漏洞，该漏洞源于允许列表配置不当，可能导致攻击者与Bokeh服务器交互。

Description (English)

bokeh is a visualized Python library of Bokeh open source data. There is a security loophole in bokeh 3.8.1 and earlier versions, which stems from the inappropriate configuration of the allowed list, which may lead to interaction between the attackers and the Bokeh server.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Bokeh

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/bokeh/bokeh/commit/cedd113b0e271b439dce768671685cf5f861812e https://github.com/bokeh/bokeh/security/advisories/GHSA-793v-589g-574v

Patch

https://github.com/bokeh/bokeh/tags