17 matches found
Astra Linux - vulnerability in python-bottle
Packages from versions 0 and before 0.12.19 are vulnerable to Web Cache Poisoning, due to a mechanism called “parameter cloaking”. When attackers can separate query parameters using a semicolon ;, they can create a discrepancy in the interpretation of requests between the proxy running with defau...
EUVD-2021-0038
Malware in sbrugna...
Ubuntu 16.04 ESM : Bottle vulnerability (USN-5532-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5532-2 advisory. USN-5532-1 fixed a vulnerability in Bottle. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...
Bottle security vulnerability
Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in Bottles prior to version 51.0, which stems from an error handling YAML that allows remote code execution via a crafted file...
SUSE CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
USN-5532-2 python-bottle vulnerability
USN-5532-1 fixed a vulnerability in Bottle. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclo...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Bottle vulnerability (USN-5532-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5532-1 advisory. It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclo...
ait-core (>=2.0.0 <=2.3.5), ait-dsn (=2.0.0) +51 more potentially affected by CVE-2022-31799 via bottle (>=0.12.10 <=0.12.19)
bottle PYPI version =0.12.10, =2.0.0, =0.1.0, =0.11.0, =0.14.0, =0.1.0, =0.4.0, =0.11.0, =0.13.0 and more Source cves: CVE-2022-31799 Source advisory: OSV:GHSA-XHP9-4947-RQ78...
ait-core (>=2.0.0 <=2.3.5), ait-dsn (=2.0.0) +51 more potentially affected by CVE-2022-31799 via bottle (>=0.12.10 <=0.12.19)
bottle PYPI version =0.12.10, =2.0.0, =0.1.0, =0.11.0, =0.14.0, =0.1.0, =0.4.0, =0.11.0, =0.13.0 and more Source cves: CVE-2022-31799 Source advisory: OSV:PYSEC-2022-227...
GHSA-873Q-WPQR-XFGW Bottle does not properly limit content-types
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
Ubuntu 18.04 LTS / 20.04 LTS : Bottle vulnerability (USN-5105-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5105-1 advisory. It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests. Tenable has...
USN-5105-1: Bottle vulnerability
It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...
HTTP Request Smuggling
bottle is vulnerable to HTTP request smuggling. An attacker is able to send a malicious request containing a separate query parameter using a semicolon ;, resulting in unexpected interpretations of the request between the proxy and the server, and potentially poisoning the web cache...
ait-core (>=2.0.0 <=2.3.5), ait-dsn (=2.0.0) +47 more potentially affected by CVE-2020-28473 via bottle (>=0.12.10 <=0.12.18)
bottle PYPI version =0.12.10, =2.0.0, =0.1.0, =0.11.0, =0.14.0, =0.1.0, =0.4.0, =0.11.0, =0.13.0 and more Source cves: CVE-2020-28473 Source advisory: OSV:PYSEC-2021-129...
Bottle Environmental Vulnerability
Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in bottle versions 0 through 0.12.19, where an attacker's use of semicolons to separate query parameters results in a different interpretation of requests between th...
ait-core (>=2.0.0 <=2.3.5), ait-dsn (=2.0.0) +47 more potentially affected by CVE-2020-28473 via bottle (>=0.12.10 <=0.12.18)
bottle PYPI version =0.12.10, =2.0.0, =0.1.0, =0.11.0, =0.14.0, =0.1.0, =0.4.0, =0.11.0, =0.13.0 and more Source cves: CVE-2020-28473 Source advisory: SNYK:PYTHON-BOTTLE-1017108...
CVE-2014-3137
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...