Bottlepy Bottle
2 CVEs affecting Bottlepy Bottle. Latest disclosed: 2016-12-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-9964 | Medium | 6.5 | 2016-12-16 | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: nam… |
CVE-2014-3137 | | 2014-10-25 | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass int… |