CVE-2015-5285: Kallithea CRLF injection vulnerability

May 13, 2022 (updated September 27, 2024)

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

References

github.com/NexMirror/Kallithea
github.com/advisories/GHSA-vfg9-phjp-9frw
github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2015-13.yaml
kallithea-scm.org/security/cve-2015-5285.html
nvd.nist.gov/vuln/detail/CVE-2015-5285
www.exploit-db.com/exploits/38424

Code Behaviors & Features

Detect and mitigate CVE-2015-5285 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →