CVE-2022-31799
CRITICAL
Bottle < 0.12.20 - Denial of Service via Early Request Binding Error Handling
Title source: llm
Description
Bottle before 0.12.20 mishandles errors during early request binding.
References (7)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
Patch, Third Party Advisory x_refsource_misc
https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
Third Party Advisory x_refsource_misc
https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5159
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
Scores
CVSS v3
9.8
EPSS
0.0187
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-755
Status
published
Products (7)
bottlepy/bottle
< 0.12.20
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
pypi/bottle
0 - 0.12.20 PyPI
Published
Jun 02, 2022
Tracked Since
Feb 18, 2026