WebSocket cross-origin vulnerability
This is a Cross-Site Request Forgery (CSRF) vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies.
python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks.
For more information
If you have any questions or comments about this advisory:
- Open an issue in python-engineio
- Vulnerable versions
- <= 3.8.2
- Patched version