Vulnerabilities > Uncurl Project > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-05 | CVE-2018-6651 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. | 9.3 |