First published: Thu May 01 2014(Updated: )
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bottlepy Bottle | =0.10.0 | |
Bottlepy Bottle | =0.10.1 | |
Bottlepy Bottle | =0.10.2 | |
Bottlepy Bottle | =0.10.3 | |
Bottlepy Bottle | =0.10.4 | |
Bottlepy Bottle | =0.10.5 | |
Bottlepy Bottle | =0.10.6 | |
Bottlepy Bottle | =0.10.7 | |
Bottlepy Bottle | =0.10.8 | |
Bottlepy Bottle | =0.10.9 | |
Bottlepy Bottle | =0.10.10 | |
Bottlepy Bottle | =0.10.11 | |
Bottlepy Bottle | =0.11.0 | |
Bottlepy Bottle | =0.11.1 | |
Bottlepy Bottle | =0.11.2 | |
Bottlepy Bottle | =0.11.3 | |
Bottlepy Bottle | =0.11.4 | |
Bottlepy Bottle | =0.11.5 | |
Bottlepy Bottle | =0.11.6 | |
Bottlepy Bottle | =0.11.7 | |
Bottlepy Bottle | =0.12.0 | |
Bottlepy Bottle | =0.12.1 | |
Bottlepy Bottle | =0.12.2 | |
Bottlepy Bottle | =0.12.3 | |
Bottlepy Bottle | =0.12.4 | |
Bottlepy Bottle | =0.12.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.