Advisories for Pypi/Kallithea package

2022

Kallithea CRLF injection vulnerability

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Cross-Site Request Forgery (CSRF)

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.