CVE-2016-9964 (bottle)

redirect() in bottle.py in bottle 0.12.10 doesn’t filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

Source: CVE-2016-9964 (bottle)
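
The header split described above, as an added example (not bottle's code and not from the advisory): a minimal serializer shows how the CVE's sample value becomes a second header line, next to a check that rejects CR, LF and NUL in header values. All function names are hypothetical.

```python
# Added example; this is not bottle's implementation. Names are hypothetical.
import re

# Characters that can end a header line (or confuse parsers) inside a value.
_CTL = re.compile(r"[\r\n\x00]")


def serialize_unsafe(status, headers):
    """Join headers with CRLF and no value checks, as a naive server would."""
    lines = ["HTTP/1.1 " + status]
    lines += ["%s: %s" % (name, value) for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def check_header_value(value):
    """Return value unchanged, or raise if it contains CR, LF or NUL."""
    if _CTL.search(value):
        raise ValueError("control character in header value: %r" % value)
    return value


def safe_redirect_headers(target):
    """Build redirect headers, refusing a target that would split the header."""
    return [("Location", check_header_value(target))]


def header_names(raw):
    """Parse the header block as a client would and return the field names."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed input: the redirect target quoted in the CVE description.
SAMPLE = "233\r\nSet-Cookie: name=salt"

if __name__ == "__main__":
    raw = serialize_unsafe("303 See Other", [("Location", SAMPLE)])
    # One header was set by the application, but the client parses two.
    print(header_names(raw))
    try:
        safe_redirect_headers(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```
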
