python-bottle-doc-0.12.25-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13210-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python-bottle-doc-0.12.25-5.1 on GA media These are all security issues fixed in the python-bottle-doc-0.12.25-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13210 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-28473/ SUSE CVE CVE-2020-28473 page https://www.suse.com/security/cve/CVE-2022-31799/ SUSE CVE CVE-2022-31799 page openSUSE Tumbleweed python-bottle-doc-0.12.25-5.1 python310-bottle-0.12.25-5.1 python311-bottle-0.12.25-5.1 python39-bottle-0.12.25-5.1 python-bottle-doc-0.12.25-5.1 as a component of openSUSE Tumbleweed python310-bottle-0.12.25-5.1 as a component of openSUSE Tumbleweed python311-bottle-0.12.25-5.1 as a component of openSUSE Tumbleweed python39-bottle-0.12.25-5.1 as a component of openSUSE Tumbleweed The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVE-2020-28473 openSUSE Tumbleweed:python-bottle-doc-0.12.25-5.1 openSUSE Tumbleweed:python310-bottle-0.12.25-5.1 openSUSE Tumbleweed:python311-bottle-0.12.25-5.1 openSUSE Tumbleweed:python39-bottle-0.12.25-5.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-28473.html CVE-2020-28473 https://bugzilla.suse.com/1182181 SUSE Bug 1182181 Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799 openSUSE Tumbleweed:python-bottle-doc-0.12.25-5.1 openSUSE Tumbleweed:python310-bottle-0.12.25-5.1 openSUSE Tumbleweed:python311-bottle-0.12.25-5.1 openSUSE Tumbleweed:python39-bottle-0.12.25-5.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-31799.html CVE-2022-31799 https://bugzilla.suse.com/1200286 SUSE Bug 1200286