Vulnerabilities > Bottlepy

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-31799	Improper Handling of Exceptional Conditions vulnerability in multiple products Bottle before 0.12.20 mishandles errors during early request binding. network low complexity bottlepy debian fedoraproject CWE-755 critical	9.8
2021-01-18	CVE-2020-28473	HTTP Request Smuggling vulnerability in multiple products The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. network bottlepy debian CWE-444	5.8
2016-12-16	CVE-2016-9964	CRLF Injection vulnerability in multiple products redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. network bottlepy debian CWE-93	4.3
2014-10-25	CVE-2014-3137	Improper Input Validation vulnerability in Bottlepy Bottle Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. network bottlepy CWE-20	6.8

Vulnerabilities > Bottlepy {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bottlepy"}]}