PyPi: Kallithea

CVE-2015-5285

Safety vulnerability ID: 54104

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 29, 2015 Updated at Dec 05, 2024

Scan your Python projects for vulnerabilities →

Advisory

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

Affected package

kallithea

Latest version: 0.6.3

Kallithea is a fast and powerful management tool for Mercurial and Git with a built in push/pull server, full text search and code-review.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.0

CVSS v2 Details

MEDIUM 5.0

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE