Routes in Kallithea prior to 0.3.2 allows remote malicious users to bypass the CSRF protection by using the GET HTTP request method.
kallithea-scm kallithea