| CVE-2014-3137 |
medium |
— |
6.8 |
|
|
|
12y ago |
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepte… |
| CVE-2016-9964 |
medium |
6.5 |
6.5 |
|
|
|
10y ago |
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. |
| CVE-2020-28473 |
medium |
— |
5.5 |
|
|
|
5y ago |
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), … |
| CVE-2022-31799 |
unknown |
— |
— |
|
|
|
4y ago |
Bottle before 0.12.20 mishandles errors during early request binding. |
