Bug 718810 (CVE-2019-13611) - <dev-python/python-engineio-3.12.1: Cross-site websocket hijacking (CVE-2019-13611)
Summary: <dev-python/python-engineio-3.12.1: Cross-site websocket hijacking (CVE-2019-...
Alias: CVE-2019-13611
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [cve]
Depends on:
Reported: 2020-04-22 00:54 UTC by GLSAMaker/CVETool Bot
Modified: 2020-06-08 04:08 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-22 00:54:09 UTC
CVE-2019-13611:
  An issue was discovered in python-engineio through 3.8.2. There is a
  Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers
  to make WebSocket connections to a server by using a victim's credentials,
  because the Origin header is not restricted.
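
The check whose absence the description above refers to, as an added example (not python-engineio's code and not part of the bug report): a server-side Origin validation applied to the WebSocket handshake before the upgrade is accepted. The function names, the lower-cased header dict, the `tls` flag, and the policy of accepting requests that carry no Origin header are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _normalize(origin):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    # A serialized origin has no path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname.lower(), port


def origin_allowed(headers, allowed_origins=(), tls=False):
    """Decide whether a WebSocket upgrade request may proceed.

    headers: dict mapping lower-cased header names to values (assumed shape).
    allowed_origins: extra trusted origins, e.g. "https://app.example".
    tls: True if the server received the request over TLS.
    """
    origin = headers.get("origin")
    if origin is None:
        # Assumed policy: browsers send Origin on WebSocket handshakes, so a
        # request without one is treated as a non-browser client.
        return True
    candidate = _normalize(origin)
    if candidate is None:
        return False
    # Same-origin is derived from the Host header and the transport in use.
    same = _normalize(("https://" if tls else "http://") + headers.get("host", ""))
    trusted = {_normalize(o) for o in allowed_origins} | {same}
    trusted.discard(None)
    # Exact tuple comparison: no prefix, suffix or substring matching.
    return candidate in trusted
```

Comparing normalized (scheme, host, port) tuples rather than raw strings keeps look-alike hosts such as `chat.example.evil.test` from passing a prefix match, and treats `https://app.example` and `https://app.example:443` as the same origin.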
Comment 1 Larry the Git Cow gentoo-dev 2020-04-22 01:20:21 UTC
The bug has been referenced in the following commit(s):

commit f1a36eef3377052cb6c30ef16dfd4465425e292b
Author:     Zac Medico <>
AuthorDate: 2020-04-22 01:18:47 +0000
Commit:     Zac Medico <>
CommitDate: 2020-04-22 01:19:27 +0000

    dev-python/python-engineio: drop vulnerable version 2.2.0
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Zac Medico <>

 dev-python/python-engineio/Manifest                |  1 -
 .../python-engineio/python-engineio-2.2.0.ebuild   | 27 ----------------------
 2 files changed, 28 deletions(-)
Comment 2 Sam James archtester gentoo-dev Security 2020-06-08 04:08:41 UTC