VYPR

PyPI package

kotti

pkg:pypi/kotti

Vulnerabilities (1)

  • CVE-2018-9856HigApr 9, 2018
    affected < 1.3.2fixed 1.3.2

    Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.