python-engineio is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). A lack of validation in the Origin
header in the websocket connection request allows a remote attacker to hijack a websocket connection by exploiting the vulnerability similar to how a cross-site request forgery vulnerability is exploited.