CVE-2019-13611: python-engineio vulnerable to Cross-Site Request Forgery (CSRF)
(updated )
This is a Cross-Site Request Forgery (CSRF) vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies.
References
- github.com/advisories/GHSA-j3jp-gvr5-7hwq
- github.com/miguelgrinberg/python-engineio
- github.com/miguelgrinberg/python-engineio/issues/128
- github.com/miguelgrinberg/python-engineio/security/advisories/GHSA-j3jp-gvr5-7hwq
- github.com/pypa/advisory-database/tree/main/vulns/python-engineio/PYSEC-2019-170.yaml
- nvd.nist.gov/vuln/detail/CVE-2019-13611
Code Behaviors & Features
Detect and mitigate CVE-2019-13611 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →