CVE

CVE-2018-6651

admin

CVE-2018-6651

In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.

Source: CVE-2018-6651

Exit mobile version