RSS   Podatności dla 'Bottle'   RSS

2014-10-25
 
CVE-2014-3137

CWE-20
 

 
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top