CVE-2020-28473

Name: CVE-2020-28473
Description: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-2531-1, ELA-350-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| python-bottle (PTS) | jessie, jessie (lts) | 0.12.7-1+deb8u3 | fixed |
| | stretch | 0.12.13-1 | vulnerable |
| | stretch (security) | 0.12.13-1+deb9u1 | fixed |
| | buster | 0.12.15-2+deb10u1 | fixed |
| | sid, bullseye | 0.12.19-1 | fixed |

The information below is based on the following data on fixed versions.

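| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python-bottle | source | jessie | 0.12.7-1+deb8u3 | | ELA-350-1 | |
| python-bottle | source | stretch | 0.12.13-1+deb9u1 | | DLA-2531-1 | |
| python-bottle | source | buster | 0.12.15-2+deb10u1 | | | |
| python-bottle | source | (unstable) | 0.12.19-1 | | | |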

Notes

https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108
Fixed by: https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b (0.12.19)
