CVE-2022-31799

CRITICAL

Bottle < 0.12.20 - Improper Exception Handling

Title source: rule

Description

Bottle before 0.12.20 mishandles errors during early request binding.

References (7)

[Patch, Third Party Advisory] https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c

[Third Party Advisory] https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5159

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-755

Status published

Products (7)

bottlepy/bottle < 0.12.20

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 35

fedoraproject/fedora 36

pypi/bottle 0 - 0.12.20PyPI

Published Jun 02, 2022

Tracked Since Feb 18, 2026