2 matches found
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding, exposing a vulnerability that can disclose sensitive information. Public advisories confirm affected software: python-bottle up to 0.12.19/0.12.20. Debian security notes (DSA and DLA) describe the issue and recommend upgrading ...
CVE-2020-28473
CVE-2020-28473 affects the bottle Python package (versions before 0.12.19). The underlying issue is parameter cloaking: if an attacker uses semicolon to separate query parameters, the proxy and server may interpret the request differently, causing malicious requests to be cached as safe. This ena...