Improper input validation in Bottlepy Bottle
CVE-2014-3137
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-col…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.009 (76.6th percentile)
Affected products
- Bottlepy Bottle — versions 0.10.0, 0.10.1, 0.10.2
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- [oss-security] 20140501 Re: CVE request: Python Bottle JSON content-type not restrictive enough (mailing-list, x_refsource_MLIST)
- DSA-2948 (vendor-advisory, x_refsource_DEBIAN)