
fix(socketManager): Fix checking Origin header #791

Merged

merged 1 commit into from Dec 19, 2021

Conversation

rxri
Contributor

@rxri rxri commented Dec 18, 2021

  • Checking whether the Origin header isn't present allows denying requests that are coming from websites, since the Extension doesn't send an Origin header.

Resolves #790

With patch: (screenshot)

Without patch: (screenshot)

* Checking whether the Origin header isn't present allows denying requests that are coming from websites, since the Extension doesn't send an Origin header.
@rxri rxri requested a review from Timeraa as a code owner December 18, 2021 20:32
@Bas950 Bas950 added the security Pull requests that address a security vulnerability label Dec 18, 2021
@Timeraa Timeraa merged commit 0f3af21 into PreMiD:main Dec 19, 2021
1 check passed
@rxri rxri deleted the patch-server branch December 19, 2021 16:49
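The rule the pull request describes, written out as an added example that is not PreMiD's code: browsers attach an Origin header to WebSocket handshakes and cross-site requests, the extension (per the description above) sends none, so a handshake that carries Origin is treated as coming from a web page and refused. The function names (`checkOriginHeader`, `allowRequest`, `decide`), the sample header sets and the host values are assumptions constructed for this example; the `allowRequest(req, callback)` shape matches the option of that name in engine.io/socket.io, which calls back as `callback(errorCode, success)`.

```javascript
// Added example, not PreMiD's code. Implements the handshake check from PR #791:
// deny any request that carries an Origin header, allow requests without one.

// Decide on a handshake from its headers. `headers` is a plain object keyed by
// lowercase header names, as Node's http module provides in req.headers.
function checkOriginHeader(headers) {
  const origin = headers["origin"];
  if (origin === undefined) {
    return { allowed: true, reason: "no Origin header: non-browser client (e.g. the extension)" };
  }
  // Any Origin value, including the literal "null" sent for opaque origins
  // (sandboxed iframes, file:// pages), means a browser sent this from a web page.
  return { allowed: false, reason: `Origin header present (${origin}): request from a web page` };
}

// Adapter in the shape of engine.io/socket.io's `allowRequest(req, callback)` option
// (hypothetical wiring, not the project's own). success=false rejects the handshake;
// the error string is an opaque code, so the detailed reason stays in server logs.
function allowRequest(req, callback) {
  const result = checkOriginHeader(req.headers || {});
  if (!result.allowed) {
    console.warn(`socket handshake denied: ${result.reason}`);
    return callback("Origin not allowed", false);
  }
  return callback(null, true);
}

// Run allowRequest against a header set and return the verdict it reports.
function decide(headers) {
  let verdict;
  allowRequest({ headers }, (err, ok) => { verdict = { err, ok }; });
  return verdict;
}

// Constructed sample handshakes (not captured traffic); host values are placeholders.
const fromExtension = { host: "127.0.0.1:3000", upgrade: "websocket" };
const fromWebsite = { host: "127.0.0.1:3000", origin: "https://attacker.example", upgrade: "websocket" };
const fromSandbox = { host: "127.0.0.1:3000", origin: "null" };

function demo() {
  const samples = { fromExtension, fromWebsite, fromSandbox };
  for (const [name, h] of Object.entries(samples)) {
    console.log(name, decide(h));
  }
}
demo();
```

To apply it in a socket.io server you would pass the adapter as an option, e.g. `new Server(httpServer, { allowRequest })`; the same decision can also be taken in an `io.use((socket, next) => ...)` middleware by reading `socket.handshake.headers.origin`. Note that this deliberately does not allowlist any origin: the PR's point is that legitimate traffic never carries one.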
@rxri
Contributor Author

rxri commented Feb 20, 2022

This is now public CVE: https://www.cve.org/CVERecord?id=CVE-2021-46701

Labels: security (Pull requests that address a security vulnerability)

Linked issue closed by this pull request: [Vulnerability] Server (socket.io) is possible to be accessed from socket.io client