CVE-2022-31799: 
Python vulnerability analysis and mitigation

CVE-2022-31799 affects Bottle, a fast and simple WSGI micro web-framework for Python, versions before 0.12.20. The vulnerability was discovered by Elton Nokaj and involves mishandling of errors during early request binding (Debian Security). The issue was publicly disclosed in June 2022 and affects multiple distributions including Debian and Fedora.

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified under CWE-755 (Improper Handling of Exceptional Conditions) and specifically relates to how the framework handles errors during the early request binding process (NVD).

The vulnerability could result in the disclosure of sensitive information due to incorrect error handling in the Bottle framework (Debian Security).

The vulnerability has been fixed in Bottle version 0.12.20 and later. Various distributions have released patched versions: Debian Buster (0.12.15-2+deb10u2), Debian Bullseye (0.12.19-1+deb11u1), Fedora 35 and 36 (0.12.21-2). Users are recommended to upgrade their python-bottle packages to the latest available version (Debian Security, Fedora Update).