{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34930?format=json","vulnerability_id":"VCID-e293-3wep-hqc2","summary":"Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.","aliases":[{"alias":"CVE-2014-3137"},{"alias":"PYSEC-2014-77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8679?format=json","purl":"pkg:pypi/bottle@0.10.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.12"},{"url":"http://public2.vulnerablecode.io/api/packages/8680?format=json","purl":"pkg:pypi/bottle@0.11.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.7"},{"url":"http://public2.vulnerablecode.io/api/packages/8681?format=json","purl":"pkg:pypi/bottle@0.12.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8644?format=json","purl":"pkg:pypi/bottle@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/8645?format=json","purl":"pkg:pypi/bottle@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/8646?format=json","purl":"pkg:pypi/bottle@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8647?format=json","purl":"pkg:pypi/bottle@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/8648?format=json","purl":"pkg:pypi/bottle@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8649?format=json","purl":"pkg:pypi/bottle@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/8650?format=json","purl":"pkg:pypi/bottle@0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/8651?format=json","purl":"pkg:pypi/bottle@0.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8652?format=json","purl":"pkg:pypi/bottle@0.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/8653?format=json","purl":"pkg:pypi/bottle@0.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8654?format=json","purl":"pkg:pypi/bottle@0.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/8655?format=json","purl":"pkg:pypi/bottle@0.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/8656?format=json","purl":"pkg:pypi/bottle@0.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/8657?format=json","purl":"pkg:pypi/bottle@0.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/8658?format=json","purl":"pkg:pypi/bottle@0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/8659?format=json","purl":"pkg:pypi/bottle@0.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8660?format=json","purl":"pkg:pypi/bottle@0.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/8661?format=json","purl":"pkg:pypi/bottle@0.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8662?format=json","purl":"pkg:pypi/bottle@0.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.6"},{"url":"http://public2.vulnerablecode.io/api/packages/8663?format=json","purl":"pkg:pypi/bottle@0.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/8664?format=json","purl":"pkg:pypi/bottle@0.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/8665?format=json","purl":"pkg:pypi/bottle@0.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/8666?format=json","purl":"pkg:pypi/bottle@0.10.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.10"},{"url":"http://public2.vulnerablecode.io/api/packages/8667?format=json","purl":"pkg:pypi/bottle@0.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.10.11"},{"url":"http://public2.vulnerablecode.io/api/packages/8668?format=json","purl":"pkg:pypi/bottle@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/8669?format=json","purl":"pkg:pypi/bottle@0.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/8670?format=json","purl":"pkg:pypi/bottle@0.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8671?format=json","purl":"pkg:pypi/bottle@0.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.4"},{"url":"http://public2.vulnerablecode.io/api/packages/8672?format=json","purl":"pkg:pypi/bottle@0.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8673?format=json","purl":"pkg:pypi/bottle@0.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/8674?format=json","purl":"pkg:pypi/bottle@0.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/8675?format=json","purl":"pkg:pypi/bottle@0.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/8676?format=json","purl":"pkg:pypi/bottle@0.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/8677?format=json","purl":"pkg:pypi/bottle@0.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/8678?format=json","purl":"pkg:pypi/bottle@0.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-e293-3wep-hqc2"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.5"}],"references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093255","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1093255"},{"reference_url":"https://github.com/defnull/bottle/issues/616","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/defnull/bottle/issues/616"},{"reference_url":"http://www.debian.org/security/2014/dsa-2948","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-2948"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/01/15","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/05/01/15"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e293-3wep-hqc2"}