{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37666?format=json","vulnerability_id":"VCID-ep11-vjnf-cfb5","summary":"Content-Type Insufficient Restrictions Bypass\nThere is a flaw in the json() function in bottle.py. The issue is due to the program using insufficient restrictions when parsing JSON content-types. This may allow a remote attacker to bypass access restrictions.","aliases":[{"alias":"OSVDB-106526"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8680?format=json","purl":"pkg:pypi/bottle@0.11.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.7"},{"url":"http://public2.vulnerablecode.io/api/packages/8681?format=json","purl":"pkg:pypi/bottle@0.12.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dww-auab-gbaa"},{"vulnerability":"VCID-6f4p-1f4y-ryag"},{"vulnerability":"VCID-yhx1-tap2-h7bb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.6"}],"affected_packages":[],"references":[{"reference_url":"http://osvdb.org/show/osvdb/106526","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/106526"},{"reference_url":"https://github.com/defnull/bottle/issues/616","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/defnull/bottle/issues/616"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ep11-vjnf-cfb5"}