VIR Vulnerability Intelligence Relay

Package impact

python PyPI / bottle

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2014-3137 medium 6.8 12y ago Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepte… debianpython
CVE-2016-9964 medium 6.5 6.5 10y ago redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. debianpython
CVE-2020-28473 medium 5.5 5y ago The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … archsusedebianpython
CVE-2022-31799 unknown 4y ago Bottle before 0.12.20 mishandles errors during early request binding. susedebianpython