Vulnerabilities > Bottlepy

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-31799 Improper Handling of Exceptional Conditions vulnerability in multiple products
Bottle before 0.12.20 mishandles errors during early request binding.
network
low complexity
bottlepy debian fedoraproject CWE-755
critical
9.8
2021-01-18 CVE-2020-28473 HTTP Request Smuggling vulnerability in multiple products
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking.
network
high complexity
bottlepy debian CWE-444
6.8
2016-12-16 CVE-2016-9964 CRLF Injection vulnerability in multiple products
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
network
low complexity
bottlepy debian CWE-93
6.5