DevSpace 信息泄露漏洞

DevSpace is a client developer tool for cloud-native development using Kubernetes, developed by DevSpace Inc. Versions prior to DevSpace 6.3.21 contained an information leakage vulnerability. This vulnerability stemmed from the UI server’s WebSocket feature, which accepts connections from all...

GHSA-J3JP-GVR5-7HWQ python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability Impact This is a Cross-Site Request Forgery CSRF vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...