Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

bottlepy bottle vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2022-31799
Bottle prior to 0.12.20 mishandles errors during early request binding.
Bottlepy BottleDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 35Fedoraproject Fedora 36
6.8
CVSSv3
CVE-2020-28473
The package bottle from 0 and prior to 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the pr...
Bottlepy BottleDebian Debian Linux 9.0
6.5
CVSSv3
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
Bottlepy Bottle 0.12.10Debian Debian Linux 8.0
NA
CVE-2014-3137
Bottle 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6 does not properly limit content types, which allows remote malicious users to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that w...
Bottlepy Bottle 0.10.6Bottlepy Bottle 0.10.4Bottlepy Bottle 0.11.5Bottlepy Bottle 0.11.3Bottlepy Bottle 0.12.4Bottlepy Bottle 0.12.2Bottlepy Bottle 0.12.0Bottlepy Bottle 0.10.2Bottlepy Bottle 0.10.1Bottlepy Bottle 0.10.0Bottlepy Bottle 0.11.7Bottlepy Bottle 0.10.11Bottlepy Bottle 0.10.10Bottlepy Bottle 0.10.9Bottlepy Bottle 0.10.8Bottlepy Bottle 0.10.7Bottlepy Bottle 0.11.2Bottlepy Bottle 0.11.1Bottlepy Bottle 0.11.0Bottlepy Bottle 0.12.5Bottlepy Bottle 0.10.5Bottlepy Bottle 0.10.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook