PYSEC-2014-77

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/bottle/PYSEC-2014-77.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-77

Aliases

Published

2014-10-25T22:55:00Z

Modified

2023-11-08T03:57:37.079184Z

Summary

[none]

Details

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

References

Affected packages

PyPI / bottle

Package

Name: bottle; View open source insights on deps.dev
Purl: pkg:pypi/bottle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.8

Fixed

0.10.12

Introduced

0.11

Fixed

0.11.7

Introduced

0.12

Fixed

0.12.6

Affected versions

0.*

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.10.9

0.10.10

0.10.11

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.11.6

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5