Skip to content

Kallithea CRLF injection vulnerability

Moderate severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Aug 2, 2023

Package

pip kallithea (pip)

Affected versions

< 0.3

Patched versions

0.3

Description

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

References

Published by the National Vulnerability Database Oct 29, 2015
Published to the GitHub Advisory Database May 13, 2022
Last updated Aug 2, 2023
Reviewed Aug 2, 2023

Severity

Moderate

EPSS score

6.206%
(94th percentile)

Weaknesses

CVE ID

CVE-2015-5285

GHSA ID

GHSA-vfg9-phjp-9frw

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.