Safety vulnerability ID: 37308
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Python-socketio are vulnerable to Cross-Site WebSocket Hijacking (CSWSH), that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Latest version: 5.11.4
Socket.IO server and client for Python
- Address potential websocket cross-origin attacks [128](https://github.com/miguelgrinberg/python-engineio/issues/128) ([commit](https://github.com/miguelgrinberg/python-engineio/commit/7548f704a0a3000b7ac8a6c88796c4ae58aa9c37))
- Documentation for the Same Origin security policy ([commit](https://github.com/miguelgrinberg/python-socketio/commit/045188c63dffeec82539354fd0498fca969e444e))
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application