Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04NzNxLXdwcXIteGZnd84AAd8X
Bottle does not properly limit content-types
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types: a check on the request's Content-Type header can be satisfied by a header value that combines an accepted content type, a ";" (semi-colon), and a content type that would not be accepted on its own. Remote attackers can use such a header to bypass intended access restrictions, as demonstrated against YouCompleteMe to execute arbitrary code.
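The following is an added example, not Bottle's own source and not part of the advisory. It reconstructs the pattern the advisory describes (a check that is satisfied whenever the accepted type appears anywhere in the raw Content-Type value) beside the corrected check that compares only the media type preceding the first ";", then runs both over constructed header values. The function names, the minimal WSGI environ and the sample bodies are this example's own assumptions; the example tests both orderings of the two types, since only the ordering whose media type is not the accepted one constitutes a bypass.

```python
"""CVE-2014-3137 in miniature: a substring check on Content-Type is a bypass.

Added example, not Bottle's code. json_body_vulnerable() reconstructs the
flawed pattern the advisory describes; json_body_fixed() compares only the
media type in front of the first ';'. Environ construction and header
values are constructed for this example.
"""
import io
import json

ACCEPTED_TYPE = "application/json"


def _environ(content_type, body):
    """Construct a minimal WSGI environ carrying one header value and a body."""
    raw = body.encode("utf-8")
    return {
        "REQUEST_METHOD": "POST",
        "CONTENT_TYPE": content_type,
        "CONTENT_LENGTH": str(len(raw)),
        "wsgi.input": io.BytesIO(raw),
    }


def _read_body(environ):
    length = int(environ.get("CONTENT_LENGTH") or 0)
    return environ["wsgi.input"].read(length).decode("utf-8")


def json_body_vulnerable(environ):
    """Flawed pattern: the accepted type may appear anywhere in the header."""
    if ACCEPTED_TYPE in environ.get("CONTENT_TYPE", ""):
        return json.loads(_read_body(environ))
    return None


def media_type(content_type):
    """Return the media type: the part before the first ';', case-folded."""
    return content_type.split(";", 1)[0].strip().lower()


def json_body_fixed(environ):
    """Corrected pattern: only the media type itself is compared."""
    if media_type(environ.get("CONTENT_TYPE", "")) == ACCEPTED_TYPE:
        return json.loads(_read_body(environ))
    return None


def compare(content_type, body='{"cmd": "run"}'):
    """Return (parsed_by_vulnerable_check, parsed_by_fixed_check) for one header."""
    vuln = json_body_vulnerable(_environ(content_type, body))
    fixed = json_body_fixed(_environ(content_type, body))
    return vuln, fixed


if __name__ == "__main__":
    for header in (
        "application/json",                 # plain JSON request
        "application/json; charset=utf-8",  # JSON with an ordinary parameter
        "application/json;text/plain",      # media type is still JSON
        "text/plain;application/json",      # bypass: media type is text/plain
        "text/plain",                       # not JSON at all
    ):
        vuln, fixed = compare(header)
        print(f"{header!r:36} vulnerable={vuln!r:16} fixed={fixed!r}")
```

Only "text/plain;application/json" separates the two checks: its media type is text/plain, so any parser that honours the ";" boundary (a browser, a proxy, the fixed Bottle) treats the request as plain text, while the substring check parses and trusts the body as JSON. The reverse ordering is accepted by both checks, which is correct, because parameters after the ";" do not change the media type.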
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NzNxLXdwcXIteGZnd84AAd8X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
Identifiers: GHSA-873q-wpqr-xfgw, CVE-2014-3137
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3137
- https://bugzilla.redhat.com/show_bug.cgi?id=1093255
- http://www.debian.org/security/2014/dsa-2948
- http://www.openwall.com/lists/oss-security/2014/05/01/15
- https://github.com/bottlepy/bottle/issues/616
- https://github.com/advisories/GHSA-873q-wpqr-xfgw
Blast Radius: 0.0
Affected Packages
pypi:bottle
Dependent packages: 138
Dependent repositories: 10,118
Downloads: 3,669,560 last month
Affected Version Ranges: >= 0.12.0, < 0.12.6, >= 0.11.0, < 0.11.7, >= 0.10.0, < 0.10.12
Fixed in: 0.12.6, 0.11.7, 0.10.12
All affected versions: 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5
All unaffected versions: 0.4.3, 0.4.4, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.5.3, 0.5.4, 0.5.6, 0.5.7, 0.5.8, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.10.12, 0.11.7, 0.12.6, 0.12.7, 0.12.8, 0.12.9, 0.12.10, 0.12.11, 0.12.12, 0.12.13, 0.12.14, 0.12.15, 0.12.16, 0.12.17, 0.12.18, 0.12.19, 0.12.20, 0.12.21, 0.12.22, 0.12.23, 0.12.24, 0.12.25