3 matches found
metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)
bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:GHSA-J6F7-HGHW-G437...
PYSEC-2016-24
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...
metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)
bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:PYSEC-2016-24...