Lucene search
K

20 matches found

OSV
OSV
added 2026/07/01 12:0 a.m.3 views

OPENSUSE-SU-2026:11170-1 python311-python-engineio-4.13.3-1.1 on GA media

These are all security issues fixed in the python311-python-engineio-4.13.3-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/30 11:31 a.m.2 views

OPENSUSE-SU-2026:21182-1 Security update for python-python-engineio

This update for python-python-engineio fixes the following issues: Changes in python-python-engineio: - CVE-2026-48802: remote user can cause the creation of unnecessary background threads in the server through the heartbeat mechanism and cause a DoS bsc1269544 - CVE-2026-48809: size of incoming...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/26 8:51 p.m.4 views

GHSA-CGWC-PV48-FHJ5 python-engineio has unbound thread allocation that can cause denial of service

Impact An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 8:48 p.m.2 views

GHSA-M9GH-VJ53-GVH9 python-engineio has possible denial of service due to maximum payload size sometimes not being enforced

Impact There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...

7.5CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0113

Malware in sbrugna...

8.8CVSS8.6AI score0.00828EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-13611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:12 a.m.17 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.6AI score0.00828EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.10 views

Fedora 38 : python-engineio (2022-8ca9330e57)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8ca9330e57 advisory. Automatic update for python-engineio-4.3.4-2.fc38. Changelog Thu Sep 15 2022 Benjamin A. Beasley 4.3.4-2 - Dont ship package-lock.json files with the example...

7.8CVSS6.9AI score0.03346EPSS
Exploits1References2
OSV
OSV
added 2024/06/15 12:0 a.m.4 views

OPENSUSE-SU-2024:11260-1 python36-python-engineio-4.2.0-1.2 on GA media

These are all security issues fixed in the python36-python-engineio-4.2.0-1.2 package on the GA media of openSUSE Tumbleweed...

8.8CVSS8.8AI score0.00828EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.6 views

SUSE CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

5.8CVSS9.2AI score0.00828EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2019/07/30 8:47 p.m.44 views

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

8.8CVSS2.1AI score0.00828EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/07/16 12:15 a.m.24 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS8.6AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2019/07/16 12:15 a.m.19 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS8.5AI score
Exploits0References1
OSV
OSV
added 2019/07/16 12:15 a.m.2 views

DEBIAN-CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS8.3AI score0.00828EPSS
Exploits0References1
PyPA
PyPA
added 2019/07/16 12:15 a.m.7 views

PYSEC-2019-170

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/16 12:15 a.m.26 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2
OSV
OSV
added 2019/07/16 12:15 a.m.23 views

PYSEC-2019-170

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS4.2AI score0.00828EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/07/15 11:17 p.m.31 views

CVE-2019-13611

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.6AI score0.00828EPSS
Exploits0References1
CVE
CVE
added 2019/07/15 11:17 p.m.211 views

CVE-2019-13611

CVE-2019-13611 affects python-engineio up to version 3.8.2, enabling Cross-Site WebSocket Hijacking (CSWSH) where an attacker can open WebSocket connections using a victim’s credentials due to unrestricted Origin header. NVD lists CVSSv3 base score 8.8 (HIGH) with NETWORK attack vector, requires ...

8.8CVSS8.4AI score0.00828EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/15 12:0 a.m.10 views

PT-2019-4805 · Python · Python-Engineio

Name of the Vulnerable Software and Affected Versions: python-engineio versions 3.8.2 and earlier Description: The issue is related to a Cross-Site WebSocket Hijacking CSWSH vulnerability, also referred to as a Cross-Site Request Forgery CSRF vulnerability. This vulnerability allows attackers to...

9.8CVSS6.7AI score0.64284EPSS
Exploits7References161
Rows per page
Query Builder