VYPR
Medium severity6.5NVD Advisory· Published Dec 16, 2016· Updated Jun 17, 2026

CVE-2016-9964

CVE-2016-9964

Description

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
bottlePyPI
>= 0.10.1, < 0.12.110.12.11

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.