Vendor
Bottlepy
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- Bottle3 CVEspypi
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9964 | Med | 0.35 | 6.5 | 0.02 | Dec 16, 2016 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | ||
| CVE-2023-22970 | 0.00 | — | 0.00 | May 26, 2023 | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | |||
| CVE-2014-3137 | 0.00 | — | 0.03 | Oct 25, 2014 | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be… |
- risk 0.35cvss 6.5epss 0.02
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
- CVE-2023-22970May 26, 2023risk 0.00cvss —epss 0.00
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
- CVE-2014-3137Oct 25, 2014risk 0.00cvss —epss 0.03
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be…