CVE-2016-3691: Cross-Site Request Forgery (CSRF)

May 13, 2022 (updated July 31, 2023)

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.

References

www.openwall.com/lists/oss-security/2016/05/02/3
github.com/advisories/GHSA-799h-qr84-pcrp
nvd.nist.gov/vuln/detail/CVE-2016-3691

Detect and mitigate CVE-2016-3691 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →