Search CVE reports
1 – 4 of 4 results
Some fixes available 5 of 6
Bottle before 0.12.20 mishandles errors during early request binding.
1 affected package
python-bottle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-bottle | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 9
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in...
1 affected package
python-bottle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-bottle | Not affected | Needs evaluation | Fixed | Fixed |
Some fixes available 3 of 4
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
1 affected package
python-bottle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-bottle | — | Not affected | Not affected | Not affected |
Some fixes available 1 of 5
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ;...
1 affected package
python-bottle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-bottle | — | Not affected | Not affected | Not affected |