CVE-2014-3137
Published: Oct 25, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
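The header shape in the description (an accepted type, a semicolon, then a second type) gets through any check that only looks for a type name somewhere in the Content-Type value. The sketch below is an added example, not Bottle's code or its patch: `is_json_loose` is an assumed stand-in for that kind of check, `is_json_strict` and `parse_content_type` are hypothetical helpers, and the sample headers are constructed.

```python
import re

# RFC 7230 "token" characters, used for type, subtype and parameter names.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_MEDIA_TYPE = re.compile(rf"^({_TOKEN})/({_TOKEN})$")
_PARAM = re.compile(rf'^({_TOKEN})=({_TOKEN}|"[^"\\]*")$')


def is_json_loose(content_type):
    """Assumed weak check: any mention of the type anywhere is enough."""
    return "application/json" in content_type.lower()


def parse_content_type(content_type):
    """Return (media_type, params), or None if the header is malformed.

    Splitting on ';' means a quoted value containing ';' is rejected,
    which fails closed.
    """
    head, *rest = content_type.split(";")
    if not _MEDIA_TYPE.match(head.strip()):
        return None
    params = {}
    for raw in rest:
        m = _PARAM.match(raw.strip())
        if m is None:  # e.g. a second media type where name=value belongs
            return None
        params[m.group(1).lower()] = m.group(2).strip('"')
    return head.strip().lower(), params


def is_json_strict(content_type):
    """Accept only when the media type itself is exactly application/json."""
    parsed = parse_content_type(content_type)
    return parsed is not None and parsed[0] == "application/json"


# Constructed sample headers, not taken from the advisory.
SAMPLES = [
    "application/json",
    "application/json; charset=utf-8",
    "text/plain; application/json",
    "text/plain;application/json;charset=utf-8",
]


def compare(samples=SAMPLES):
    return [(s, is_json_loose(s), is_json_strict(s)) for s in samples]


if __name__ == "__main__":
    for header, loose, strict in compare():
        print(f"{header!r:50} loose={loose!s:5} strict={strict}")
```

The last two samples pass the loose check and fail the strict one, because a bare second media type is not a valid `name=value` parameter.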
References
- https://github.com/defnull/bottle/issues/616 (x_refsource_CONFIRM)
- https://bugzilla.redhat.com/show_bug.cgi?id=1093255 (x_refsource_CONFIRM)
- [oss-security] 20140501 Re: CVE request: Python Bottle JSON content-type not restrictive enough (mailing-list, x_refsource_MLIST)
- DSA-2948 (vendor-advisory, x_refsource_DEBIAN)