21 matches found
ROOT-APP-NPM-CVE-2022-41940 CVE-2022-41940 in @rootio/engine.io - Patched by Root
Root has patched CVE-2022-41940 in the @rootio/engine.io package for Root:npm. Multiple fixed versions available...
EUVD-2019-0113
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
Fedora 38 : python-engineio (2022-8ca9330e57)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8ca9330e57 advisory. Automatic update for python-engineio-4.3.4-2.fc38. Changelog Thu Sep 15 2022 Benjamin A. Beasley 4.3.4-2 - Dont ship package-lock.json files with the example...
OPENSUSE-SU-2024:14157-1 python310-python-engineio-4.3.4-3.3 on GA media
These are all security issues fixed in the python310-python-engineio-4.3.4-3.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11260-1 python36-python-engineio-4.2.0-1.2 on GA media
These are all security issues fixed in the python36-python-engineio-4.2.0-1.2 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
DEBIAN-CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
Cross site scripting
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
UBUNTU-CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
CVE-2019-13611 affects python-engineio up to version 3.8.2, enabling Cross-Site WebSocket Hijacking (CSWSH) where an attacker can open WebSocket connections using a victim’s credentials due to unrestricted Origin header. NVD lists CVSSv3 base score 8.8 (HIGH) with NETWORK attack vector, requires ...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...