Lucene search
GoogleOSV:PYSEC-2019-170HistoryJul 16, 2019 - 12:15 a.m.
PYSEC-2019-170
2019-07-1600:15:00
Google
osv.dev
9
EPSS
0.001
Percentile
31.5%
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim’s credentials, because the Origin header is not restricted.
Related
nvd
nvd
CVE-2019-13611
2019-07-16 00:15:10
github
github
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
2019-07-30 20:47:25
osv
osv
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
2019-07-30 20:47:25
CVE-2019-13611
2019-07-16 00:15:10
prion
prion
Cross site scripting
2019-07-16 00:15:00
debiancve
debiancve
CVE-2019-13611
2019-07-16 00:15:10
cve
cve
CVE-2019-13611
2019-07-16 00:15:10
cvelist
cvelist
CVE-2019-13611
2019-07-15 23:17:14
ubuntucve
ubuntucve
CVE-2019-13611
2019-07-16 00:00:00
veracode
veracode
Cross-Site WebSocket Hijacking (CSWSH)
2019-07-16 07:27:34