CVE-2019-13611

Published: 16/07/2019 Updated: 22/07/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in python-engineio up to and including 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows malicious users to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
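The missing control named in the summary is an Origin check on the WebSocket handshake. The following is an added example of such a check, not code from python-engineio; the function names, the `allow_missing` parameter and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample allowlist: the only site whose pages may open sockets.
ALLOWED = ["https://app.example.test"]


def _normalize(origin):
    """Return (scheme, host, port) for an origin string, or None if malformed."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        return None  # an Origin value carries no path, query or userinfo
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def origin_allowed(headers, allowed_origins, allow_missing=False):
    """Decide whether a WebSocket handshake may proceed, based on Origin.

    Comparison is exact on (scheme, host, port), never substring or prefix,
    so lookalike hosts such as app.example.test.evil.example do not match.
    Browsers always send Origin on a WebSocket handshake; allow_missing only
    governs non-browser clients that omit the header.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    origin = lowered.get("origin")
    if origin is None:
        return allow_missing
    candidate = _normalize(origin)
    if candidate is None:
        return False
    return candidate in {_normalize(o) for o in allowed_origins}


if __name__ == "__main__":
    for value in ("https://app.example.test", "https://evil.example", "null"):
        print(value, "->", origin_allowed({"Origin": value}, ALLOWED))
```

The check belongs before the upgrade is accepted, so that a rejected handshake never reaches session or cookie handling.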

Vulnerable Product

python-engineio project python-engineio

Vendor Advisories

Debian Bug report logs - #932538
python-engineio: CVE-2019-13611
Package: src:python-engineio; Maintainer for src:python-engineio is Paulo Henrique de Lima Santana (phls) <paulo@phls.com.br>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 20 Jul 2019 12:12:01 UTC
Severity: important
Tags: security, ...

Github Repositories

Github Profile README

👋 Hi there! Thanks for your interest! I'm always dreaming about contributing to humankind, open-source is the way how I achieve

AWARDs
2020 The Most Neet citizen during COVID-19 pandemic: Stay home for three months
2021 The Most Trusted Colleague
2022 Large PullRequest Winner

CVEs
CVE-2019-13611, CVE-2023-22970

Stats