Lucene search
Veracode Vulnerability DatabaseVERACODE:20837HistoryJul 16, 2019 - 7:27 a.m.
Cross-Site WebSocket Hijacking (CSWSH)
2019-07-1607:27:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
EPSS
0.001
Percentile
31.5%
python-engineio is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). A lack of validation in the Origin header in the websocket connection request allows a remote attacker to hijack a websocket connection by exploiting the vulnerability similar to how a cross-site request forgery vulnerability is exploited.
Related
ubuntucve
ubuntucve
CVE-2019-13611
2019-07-16 00:00:00
osv
osv
PYSEC-2019-170
2019-07-16 00:15:00
python310-python-engineio-4.3.4-3.3 on GA media
2024-07-12 00:00:00
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
2019-07-30 20:47:25
github
github
python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
2019-07-30 20:47:25
nvd
nvd
CVE-2019-13611
2019-07-16 00:15:10
prion
prion
Cross site scripting
2019-07-16 00:15:00
debiancve
debiancve
CVE-2019-13611
2019-07-16 00:15:10
cvelist
cvelist
CVE-2019-13611
2019-07-15 23:17:14
cve
cve
CVE-2019-13611
2019-07-16 00:15:10