OSVDB-106526: Content-Type Insufficient Restrictions Bypass

April 24, 2014

There is a flaw in the json() function in bottle.py. The issue is due to the program using insufficient restrictions when parsing JSON content-types. This may allow a remote attacker to bypass access restrictions.

References

osvdb.org/show/osvdb/106526
github.com/defnull/bottle/issues/616

Code Behaviors & Features

Detect and mitigate OSVDB-106526 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →