183 matches found
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
PT-2022-7348 · Bottle +6 · Bottle +6
Name of the Vulnerable Software and Affected Versions: Bottle versions prior to 0.12.20 Description: The issue is related to uncontrolled resource consumption and mishandling of errors during early request binding. This can allow a remote attacker to cause a denial of service. Recommendations: Fo...
GHSA-873Q-WPQR-XFGW Bottle does not properly limit content-types
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
Bottle does not properly limit content-types
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)
bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:GHSA-J6F7-HGHW-G437...
GHSA-J6F7-HGHW-G437 bottle.py vulnerable to CRLF Injection
bottle.py is a fast and simple micro-framework for python web-applications. redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...
Mageia: Security Advisory (MGASA-2017-0031)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0171)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5105-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS / 20.04 LTS : Bottle vulnerability (USN-5105-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5105-1 advisory. It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests. Tenable has...
USN-5105-1 python-bottle vulnerability
It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...
USN-5105-1: Bottle vulnerability
It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...
SUSE: Security Advisory (SUSE-SU-2021:0483-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-36009
OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...
Arbitrary file deletion
OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...
CVE-2020-36009
OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability...
CVE-2020-36009
OBottle 2.0 in cg.php (the \c\g.php path) contains an arbitrary file download vulnerability. The CVE entry documents that this affects OBottle 2.0 and impacts confidentiality (C) with partial leakage per CVSS2/3 metrics, and contributes a HIGH impact under CVSSv3. The connected sources corroborat...
openSUSE: Security Advisory for python-bottle (openSUSE-SU-2021:0302-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-QHX9-7HX7-CP4R bottle HTTP Request smuggling
The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...