CVE-2014-3137 — CVSS 6.8 (medium): Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote…
CVE-2020-28473 — CVSS 6.8 (medium): The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the…
CVE-2016-9964 — CVSS 6.5 (medium): redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a…