CVE-2022-31799

Name
CVE-2022-31799
Description
Bottle before 0.12.20 mishandles errors during early request binding.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
MISC https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
MISC https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
MLIST https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
DEBIAN https://www.debian.org/security/2022/dsa-5159
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bottlepy:bottle:*:*:*:*:*:*:*:* bottle >= None < 0.12.20

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-bottle edge-community 0.12.21-r0 Paul Kilar <pkilar@gmail.com> fixed
py3-bottle 3.22-community 0.12.21-r0 None fixed
py3-bottle 3.21-community 0.12.21-r0 None fixed
py3-bottle 3.20-community 0.12.21-r0 None fixed
py3-bottle 3.19-community 0.12.21-r0 None fixed
py3-bottle 3.18-community 0.12.21-r0 None fixed
py3-bottle 3.17-community 0.12.21-r0 None fixed