What is CVE-2020-28473?

CVE-2020-28473 is a medium-severity vulnerability in Bottle. CVSS score: 6.8/10. Published 2021-01-18.

How severe is CVE-2020-28473?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Bottle

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the inter…

EPSS: 0.002 (47.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C.

Affected products

N/a Bottle — versions 0, unspecified

References

snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108 (x_refsource_MISC)
github.com/bottlepy/bottle (x_refsource_MISC)
snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ (x_refsource_CONFIRM)
[debian-lts-announce] 20210124 [SECURITY] [DLA 2531-1] python-bottle security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-28473?: CVE-2020-28473 is a medium-severity vulnerability in Bottle. CVSS score: 6.8/10. Published 2021-01-18.
How severe is CVE-2020-28473?: Medium severity. CVSS v3 base score is 6.8 out of 10.