CVE-2016-3691
Kallithea is affected by CVE-2016-3691. Before version 0.3.2, routes can bypass CSRF protection when using GET requests, enabling remote CSRF bypass. The issue is tied to Kallithea’s routing/CSRF handling, allowing an attacker to trigger state-changing actions via simple GET requests. Remediation...