Опубликовано: 13 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 8.9
CVSS3: 9.8
Описание
Kallithea CRLF injection vulnerability
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-5285
- https://github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2015-13.yaml
- https://kallithea-scm.org/security/cve-2015-5285.html
- https://www.exploit-db.com/exploits/38424
- http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php
Пакеты
Наименование
kallithea
pip
Затронутые версииВерсия исправления
< 0.3
0.3
Связанные уязвимости
nvd
больше 10 лет назад
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
debian
больше 10 лет назад
CRLF injection vulnerability in Kallithea before 0.3 allows remote att ...