CVE-2018-6651

CVE-2018-6651

In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.

Source: CVE-2018-6651

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다