Lucene search
K
BottlepyBottle

4 matches found

CVE
CVE
added 2022/05/29 9:25 p.m.212 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding, exposing a vulnerability that can disclose sensitive information. Public advisories confirm affected software: python-bottle up to 0.12.19/0.12.20. Debian security notes (DSA and DLA) describe the issue and recommend upgrading ...

9.8CVSS9.2AI score0.01869EPSS
CVE
CVE
added 2021/01/18 11:15 a.m.192 views

CVE-2020-28473

CVE-2020-28473 affects the bottle Python package (versions before 0.12.19). The underlying issue is parameter cloaking: if an attacker uses semicolon to separate query parameters, the proxy and server may interpret the request differently, causing malicious requests to be cached as safe. This ena...

6.8CVSS6.3AI score0.01837EPSS
CVE
CVE
added 2016/12/16 9:2 a.m.115 views

CVE-2016-9964

The CVE corresponds to a CRLF injection in bottle.py (bottle 0.12.10) where redirect() does not filter a "\r\n" sequence, enabling HTTP header injection. Public disclosures across multiple feeds confirm the issue is caused by improper handling of redirections, with clear remediation guidance to u...

6.5CVSS6.1AI score0.01761EPSS
CVE
CVE
added 2014/10/25 10:0 p.m.61 views

CVE-2014-3137

CVE-2014-3137 affects Bottle: 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6. The issue is that the framework does not properly constrain accepted Content-Types, allowing an attacker to bypass access restrictions by sending an initial accepted Content-Type followed by...

6.8CVSS7.3AI score0.03101EPSS