PYSEC-2015-13

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/kallithea/PYSEC-2015-13.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2015-13

Aliases

CVE-2015-5285
GHSA-vfg9-phjp-9frw

Published

2015-10-29T20:59:00Z

Modified

2023-11-01T04:46:11.064445Z

Summary

[none]

Details

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

References

http://packetstormsecurity.com/files/133897/Kallithea-0.2.9-HTTP-Response-Splitting.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php
https://www.exploit-db.com/exploits/38424/
https://kallithea-scm.org/security/cve-2015-5285.html

Affected packages

PyPI / kallithea

Package

Name: kallithea; View open source insights on deps.dev
Purl: pkg:pypi/kallithea

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3

Affected versions

0.*

0.0

0.1

0.2

0.2.1

0.2.2

0.2.9

0.2.99-pre