Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bottle 授权问题漏洞
Vulnerability Description
Bottle是德国软件开发者Marcel Hellkamp所研发的一套轻量级的Python Web框架,它提供了一个包含有路径映射、模板、简单的数据库访问等web框架组件的文件。 Bottle中存在安全漏洞,该漏洞源于程序没有正确限制内容类型。远程攻击者可借助特制的Content-Type利用该漏洞绕过既定的访问限制。以下版本受到影响:Bottle 0.10.12之前0.10.x版本,0.11.7之前0.11.x版本,0.12.6之前0.12.x版本。
CVSS Information
N/A
Vulnerability Type
N/A