16 matches found
EUVD-2019-0113
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
Fedora 38 : python-engineio (2022-8ca9330e57)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8ca9330e57 advisory. Automatic update for python-engineio-4.3.4-2.fc38. Changelog Thu Sep 15 2022 Benjamin A. Beasley 4.3.4-2 - Dont ship package-lock.json files with the example...
OPENSUSE-SU-2024:11260-1 python36-python-engineio-4.2.0-1.2 on GA media
These are all security issues fixed in the python36-python-engineio-4.2.0-1.2 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...
DEBIAN-CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
PYSEC-2019-170
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...
CVE-2019-13611
CVE-2019-13611 affects python-engineio up to version 3.8.2, enabling Cross-Site WebSocket Hijacking (CSWSH) where an attacker can open WebSocket connections using a victim’s credentials due to unrestricted Origin header. NVD lists CVSSv3 base score 8.8 (HIGH) with NETWORK attack vector, requires ...
PT-2019-4805 · Python · Python-Engineio
Name of the Vulnerable Software and Affected Versions: python-engineio versions 3.8.2 and earlier Description: The issue is related to a Cross-Site WebSocket Hijacking CSWSH vulnerability, also referred to as a Cross-Site Request Forgery CSRF vulnerability. This vulnerability allows attackers to...