CVE-2022-31799

Опубликовано: 02 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Bottle before 0.12.20 mishandles errors during early request binding.

Ссылки

https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
Patch
Third Party Advisory
https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Patch
Third Party Advisory
https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
https://www.debian.org/security/2022/dsa-5159
Third Party Advisory
https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
Patch
Third Party Advisory
https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Patch
Third Party Advisory
https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
https://www.debian.org/security/2022/dsa-5159
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bottlepy:bottle:*:*:*:*:*:*:*:*

Версия до 0.12.20 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00323

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-755

Связанные уязвимости

CVE-2022-31799

CVSS3: 9.8

ubuntu

больше 3 лет назад

Bottle before 0.12.20 mishandles errors during early request binding.

CVE-2022-31799

CVSS3: 9.8

debian

больше 3 лет назад

Bottle before 0.12.20 mishandles errors during early request binding.

SUSE-SU-2022:3103-1

suse-cvrf

больше 3 лет назад

Security update for python-bottle

GHSA-xhp9-4947-rq78

CVSS3: 9.8

github

больше 3 лет назад

Denial of service in bottle

BDU:2024-04113

CVSS3: 9.8

fstec

больше 3 лет назад

Уязвимость микровеб-фреймворк WSGI для Python Bottle, связанная с неправильным обращением с исключительными условиями, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 55%

0.00323

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-755