{"id":"GHSA-799h-qr84-pcrp","summary":"Kallithea Routes CSRF Bypass","details":"Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.","aliases":["CVE-2016-3691"],"modified":"2024-02-16T08:03:29.226767Z","published":"2022-05-13T01:26:14Z","database_specific":{"github_reviewed_at":"2023-07-31T18:23:01Z","nvd_published_at":"2017-04-24T18:59:00Z","severity":"HIGH","cwe_ids":["CWE-352"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3691"},{"type":"PACKAGE","url":"https://github.com/NexMirror/Kallithea"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/05/02/3"}],"affected":[{"package":{"name":"kallithea","ecosystem":"PyPI","purl":"pkg:pypi/kallithea"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.2"}]}],"versions":["0.0","0.1","0.2","0.2.1","0.2.2","0.2.9","0.2.99-pre","0.3","0.3.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-799h-qr84-pcrp/GHSA-799h-qr84-pcrp.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}