Bottle 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6 does not properly limit content types. This allows remote malicious users to bypass intended access restrictions by sending an accepted Content-Type followed by a semicolon (;) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

Vulnerable Product |
---|
bottlepy bottle 0.10.6 |
bottlepy bottle 0.10.4 |
bottlepy bottle 0.11.5 |
bottlepy bottle 0.11.3 |
bottlepy bottle 0.12.4 |
bottlepy bottle 0.12.2 |
bottlepy bottle 0.12.0 |
bottlepy bottle 0.10.2 |
bottlepy bottle 0.10.1 |
bottlepy bottle 0.10.0 |
bottlepy bottle 0.11.7 |
bottlepy bottle 0.10.11 |
bottlepy bottle 0.10.10 |
bottlepy bottle 0.10.9 |
bottlepy bottle 0.10.8 |
bottlepy bottle 0.10.7 |
bottlepy bottle 0.11.2 |
bottlepy bottle 0.11.1 |
bottlepy bottle 0.11.0 |
bottlepy bottle 0.12.5 |
bottlepy bottle 0.10.5 |
bottlepy bottle 0.10.3 |
bottlepy bottle 0.11.6 |
bottlepy bottle 0.11.4 |
bottlepy bottle 0.12.3 |
bottlepy bottle 0.12.1 |
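
The content-type confusion described above can be checked for in your own request handlers. The following is an added example, not code from Bottle or from this advisory: it assumes the weak check is a substring match on the header and compares it with a strict parser that treats only the token before the first semicolon as the media type. The names `ALLOWED_TYPES`, `lenient_is_allowed`, `parse_media_type` and `strict_is_allowed` are hypothetical, and the sample headers are constructed.

```python
# Added example: lenient vs. strict Content-Type gating (not Bottle's code).
ALLOWED_TYPES = {"application/json"}  # assumed allow-list for this sketch


def lenient_is_allowed(header: str) -> bool:
    """Weak check (assumed form): an allowed type anywhere in the header
    passes, including one placed after a semicolon."""
    return any(t in header.lower() for t in ALLOWED_TYPES)


def parse_media_type(header: str):
    """Return (type/subtype, params), or None if the header is malformed.
    Only the token before the first ';' is the media type
    (RFC 7231, section 3.1.1.1); everything after must be name=value."""
    media, _, rest = header.partition(";")
    media = media.strip().lower()
    main, slash, sub = media.partition("/")
    if not slash or not main or not sub or any(c.isspace() for c in media):
        return None
    params = {}
    for part in filter(None, (p.strip() for p in rest.split(";"))):
        name, eq, value = part.partition("=")
        if not eq or not name.strip():
            return None  # a second media type posing as a parameter
        params[name.strip().lower()] = value.strip().strip('"')
    return media, params


def strict_is_allowed(header: str) -> bool:
    """Accept only a well-formed header whose media type is allow-listed."""
    parsed = parse_media_type(header)
    return parsed is not None and parsed[0] in ALLOWED_TYPES


# Constructed sample headers: two well-formed, two carrying a second type.
SAMPLES = [
    "application/json",
    "application/json; charset=utf-8",
    "text/plain; application/json",
    "application/json; text/plain",
    "",
]


def compare(headers=SAMPLES):
    """Return (header, lenient_result, strict_result) for each header."""
    return [(h, lenient_is_allowed(h), strict_is_allowed(h)) for h in headers]


if __name__ == "__main__":
    for h, weak, strict in compare():
        print(f"{h!r:40} lenient={weak!s:5} strict={strict}")
```

The strict parser rejects a header with two media types in either order, so the decision no longer depends on which of the two a downstream component happens to read.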