CVE-2016-3691by Jeremyin Security Bulletinson Posted on April 24, 2017 Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.