Skip to main content

Bottle

3 CVEs product

Monthly

CVE-2022-31799 PyPI CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2016-9964 PyPI MEDIUM PATCH This Month

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2014-3137 PyPI MEDIUM PATCH This Month

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Bottle
NVD GitHub
CVSS 2.0
6.8
EPSS
0.9%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Bottle
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy