The Kallithea project takes security issues seriously. There are no publicly known vulnerabilities in the current version of Kallithea, and when a vulnerability is reported to us we work to fix it rapidly. However, some older versions of Kallithea do have publicly known vulnerabilities; if you run one of them, please upgrade to the current version.
Publicly known security issues in older versions:
- CVE-2015-0260: API key of repository's creator exposed by get_repo API method
- CVE-2015-0276: Missing CSRF protection allows an attacker to gain unauthorised access to users' accounts
- CVE-2015-5285: HTTP header injection
- CVE-2016-3114: Privilege escalation
- CVE-2016-3691: CSRF protection bypass
If you discover a vulnerability, please report it to us at email@example.com.