SUSE CVE-2014-3137
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
SUSE CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
USN-5532-1 python-bottle vulnerability
It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. CVE-2022-31799...
DEBIAN-CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
PYSEC-2022-227
Bottle before 0.12.20 mishandles errors during early request binding...
Bottle security feature issue vulnerability
Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. Bottle has a security-feature vulnerability that stems from a processing error during early request binding. A remote attacker could exploit this vulnerability to compromise the...
PT-2022-7348 · Bottle +6
Name of the Vulnerable Software and Affected Versions: Bottle versions prior to 0.12.20 Description: The issue is related to uncontrolled resource consumption and mishandling of errors during early request binding. This can allow a remote attacker to cause a denial of service. Recommendations: Fo...
GHSA-J6F7-HGHW-G437 bottle.py vulnerable to CRLF Injection
bottle.py is a fast and simple micro-framework for python web-applications. redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
GHSA-QHX9-7HX7-CP4R bottle HTTP Request smuggling
The package bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...
DEBIAN-CVE-2020-28473
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
Bottle CRLF Injection Vulnerability
Bottle is a lightweight Python web framework developed by German software developer Marcel Hellkamp, which provides a file with path mapping, templates, simple database access and other web framework components. A security vulnerability exists in the 'redirect' function in Bottle version 0.12.10 ...
PYSEC-2016-24
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
PYSEC-2014-77
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
Code injection
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...