20 matches found
OPENSUSE-SU-2026:11170-1 python311-python-engineio-4.13.3-1.1 on GA media
These are all security issues fixed in the python311-python-engineio-4.13.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:21182-1 Security update for python-python-engineio
This update for python-python-engineio fixes the following issues: Changes in python-python-engineio: - CVE-2026-48802: remote user can cause the creation of unnecessary background threads in the server through the heartbeat mechanism and cause a DoS bsc1269544 - CVE-2026-48809: size of incoming...
GHSA-CGWC-PV48-FHJ5 python-engineio has unbound thread allocation that can cause denial of service
Impact An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...
GHSA-M9GH-VJ53-GVH9 python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
Impact There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...
EUVD-2019-0113
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
Fedora 38 : python-engineio (2022-8ca9330e57)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8ca9330e57 advisory. Automatic update for python-engineio-4.3.4-2.fc38. Changelog Thu Sep 15 2022 Benjamin A. Beasley 4.3.4-2 - Dont ship package-lock.json files with the example...
OPENSUSE-SU-2024:11260-1 python36-python-engineio-4.2.0-1.2 on GA media
These are all security issues fixed in the python36-python-engineio-4.2.0-1.2 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
DEBIAN-CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
CVE-2019-13611 affects python-engineio up to version 3.8.2, enabling Cross-Site WebSocket Hijacking (CSWSH) where an attacker can open WebSocket connections using a victim’s credentials due to unrestricted Origin header. NVD lists CVSSv3 base score 8.8 (HIGH) with NETWORK attack vector, requires ...
PT-2019-4805 · Python · Python-Engineio
Name of the Vulnerable Software and Affected Versions: python-engineio versions 3.8.2 and earlier Description: The issue is related to a Cross-Site WebSocket Hijacking CSWSH vulnerability, also referred to as a Cross-Site Request Forgery CSRF vulnerability. This vulnerability allows attackers to...