Vulnerabilities > Uncurl Project > Uncurl > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-05 CVE-2018-6651 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.
9.3