Bottle Security Vulnerabilities and Issues — Bottle CVE List

Lucene search

BottlepyBottle

4 matches found

CVE•added 2022/06/02 2:15 p.m.•183 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding.

9.8CVSS9.2AI score0.00442EPSS

CVE•added 2021/01/18 12:15 p.m.•168 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with def...

6.8CVSS6.3AI score0.00268EPSS

CVE•added 2016/12/16 9:59 a.m.•104 views

CVE-2016-9964

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

6.5CVSS6.1AI score0.01087EPSS

CVE•added 2014/10/25 10:55 p.m.•47 views

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demons...

6.8CVSS7.3AI score0.0094EPSS