CVE-2018-6651
CVE-2018-6651 affects uncurl (uncurl.c) in uncurl before 0.07, as used in Parsec before 140-3. The issue is insufficient Origin header validation for WebSocket API requests (accepting an arbitrary substring match), which enables remote attackers to bypass access restrictions and, in Parsec, could...