← back
CVE-2014-3137

CVE-2014-3137

EPSS 3.1%
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1093255https://github.com/defnull/bottle/issues/616http://www.debian.org/security/2014/dsa-2948http://www.openwall.com/lists/oss-security/2014/05/01/15