diff --git a/CVE-2022-31799.patch b/CVE-2022-31799.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a508f4e4d7f9ffc7308141c86f083c2105f09378
--- /dev/null
+++ b/CVE-2022-31799.patch
@@ -0,0 +1,40 @@
+From e140e1b54da721a660f2eb9d58a106b7b3ff2f00 Mon Sep 17 00:00:00 2001
+From: Marcel Hellkamp
+Date: Thu, 26 May 2022 14:49:32 +0200
+Subject: [PATCH] Gracefully handle errors during early request binding.
+
+---
+ bottle.py | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/bottle.py b/bottle.py
+index 04ccf7da..035f99ec 100644
+--- a/bottle.py
++++ b/bottle.py
+@@ -848,17 +848,19 @@ def default_error_handler(self, res):
+ return tob(template(ERROR_PAGE_TEMPLATE, e=res))
+
+ def _handle(self, environ):
+- path = environ['bottle.raw_path'] = environ['PATH_INFO']
+- if py3k:
+- try:
+- environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
+- except UnicodeError:
+- return HTTPError(400, 'Invalid path string. Expected UTF-8')
+-
+ try:
++
+ environ['bottle.app'] = self
+ request.bind(environ)
+ response.bind()
++
++ path = environ['bottle.raw_path'] = environ['PATH_INFO']
++ if py3k:
++ try:
++ environ['PATH_INFO'] = path.encode('latin1').decode('utf8')
++ except UnicodeError:
++ return HTTPError(400, 'Invalid path string. Expected UTF-8')
++
+ try:
+ self.trigger_hook('before_request')
+ route, args = self.router.match(environ)
diff --git a/python-bottle.spec b/python-bottle.spec
index acb24f122e4c3538c085584e033938d9c2f8d1ae..68db8017539e9362f1b088f048701a85e14b9954 100644
--- a/python-bottle.spec
+++ b/python-bottle.spec
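Review bot: The inner hunk's context comes from upstream commit e140e1b (hunk header at line 848 under `default_error_handler`), while this package builds 0.12.13 with CVE-2020-28473.patch applied first, so whether it applies without fuzz or offset cannot be confirmed from the page; checking the %prep output in a build log is the way to settle that. `_handle` continues past the end of the inner hunk, so the `except` that now also receives failures from `request.bind(environ)` and from the relocated PATH_INFO decode is not visible here, and the status it returns for them cannot be reviewed. The relocation also means `environ['bottle.raw_path']` is set after `request.bind(environ)` rather than before; since the same environ dict is passed this is unlikely to matter, but it is an ordering change the subject line does not mention and is worth a one-line comment in the patch header.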
@@ -1,11 +1,13 @@
 Name: python-bottle
 Version: 0.12.13
-Release: 8
+Release: 9
 Summary: WSGI micro web-framework for Python.
 License: MIT
 URL: http://bottlepy.org
 Source0: https://github.com/bottlepy/bottle/archive/%{version}/bottle-%{version}.tar.gz
 Patch0000: CVE-2020-28473.patch
+#https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
+Patch0001: CVE-2022-31799.patch
 BuildArch: noarch
 BuildRequires: python2-devel python2-setuptools python3-devel python3-setuptools
@@ -60,6 +62,9 @@ sed -i '/^#!/d' bottle.py
 %{python3_sitelib}/*
 %changelog
+* Tue Jun 14 2022 yaoxin - 0.12.13-9
+- - Fix CVE-2022-31799
+
 * Fri Feb 19 2021 zhanghua - 0.12.13-8
 - fix CVE-2020-28473
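Review bot: Declaring `Patch0001: CVE-2022-31799.patch` only fixes the CVE if %prep actually applies it, and %prep is outside this hunk, so whether it uses `%autosetup -p1`/`%autopatch` or explicit `%patch0000 -p1` lines cannot be confirmed from the page. If it is the explicit form, a matching `%patch0001 -p1` line is required, otherwise Release 9 ships with the patch present in the SRPM but absent from the built module. The changelog entry in the second hunk also has a doubled dash, `- - Fix CVE-2022-31799`, where the entry beneath it uses a single `- `. Confirming in the build log that the patch applies cleanly against 0.12.13 plus CVE-2020-28473.patch would close the loop.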