CVE-2019-13611 (https://nvd.nist.gov/vuln/detail/CVE-2019-13611): An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
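
The missing control named in the description above is an Origin check on the WebSocket handshake. The following is an added example, not part of the original report and not python-engineio's own code: a same-origin-by-default validator whose function names, parameters and hostnames are all constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also rejects the opaque origin "null"
    # A serialized origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)


def origin_allowed(headers, allowed_origins=None, secure=True,
                   allow_missing_origin=False):
    """Decide whether a WebSocket upgrade request may proceed.

    headers: dict keyed by lower-cased header name.
    allowed_origins: iterable of origins; None means same-origin only.
    secure: True when clients reach the server over TLS.
    """
    origin = headers.get("origin")
    if origin is None:
        # Browsers always send Origin on a WebSocket handshake; accepting its
        # absence is a policy choice for non-browser clients.
        return allow_missing_origin
    candidate = normalize_origin(origin)
    if candidate is None:
        return False
    if allowed_origins is None:
        # Same-origin: compare against the origin implied by the Host header.
        scheme = "https" if secure else "http"
        expected = normalize_origin(f"{scheme}://{headers.get('host', '')}")
        return candidate == expected
    # Exact tuple comparison, so suffix and prefix look-alikes never match.
    return candidate in {normalize_origin(o) for o in allowed_origins}
```

Comparing parsed (scheme, host, port) tuples rather than substrings is what keeps a look-alike such as `https://app.example.test.attacker.example` from passing.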
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1a36eef3377052cb6c30ef16dfd4465425e292b

commit f1a36eef3377052cb6c30ef16dfd4465425e292b
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-04-22 01:18:47 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-04-22 01:19:27 +0000

    dev-python/python-engineio: drop vulnerable version 2.2.0

    Bug: https://bugs.gentoo.org/718810
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 dev-python/python-engineio/Manifest                | 1 -
 .../python-engineio/python-engineio-2.2.0.ebuild   | 27 ----------------------
 2 files changed, 28 deletions(-)

Thanks!