Bottle — CVE history (PyPI)
Bottle
3 CVEs affect the Bottle PyPI package (highest CVSS 6.8). Latest disclosed: 2021-01-18. Full CVE history sourced from NVD.
Summary
- Package
Bottle(PyPI)- Total CVEs
3- Actively exploited (CISA KEV)
- 0
- Highest CVSS
6.8- Latest disclosed
- 2021-01-18
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-28473 | Medium | 6.8 | — | 2021-01-18 | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. |
CVE-2016-9964 | Medium | 6.5 | — | 2016-12-16 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. |
CVE-2014-3137 | — | — | — | 2014-10-25 | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-col… |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-28473 | Medium | 6.8 | — | 2021-01-18 | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. |
CVE-2016-9964 | Medium | 6.5 | — | 2016-12-16 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. |