VYPR

Bottle

by Bottlepy

pypi: bottle

Source repositories

CVEs (3)

  • CVE-2016-9964MedDec 16, 2016
    risk 0.35cvss 6.5epss 0.02

    redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

  • CVE-2023-22970May 26, 2023
    risk 0.00cvss epss 0.00

    Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.

  • CVE-2014-3137Oct 25, 2014
    risk 0.00cvss epss 0.03

    Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be…