Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bottle
(Bottlepy)| Repositories | https://github.com/bottlepy/bottle |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-12-16 | CVE-2016-9964 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | Bottle, Debian_linux | 6.5 | ||
| 2014-10-25 | CVE-2014-3137 | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. | Bottle | N/A |