CVE-2018-6651

CVE: CVE-2018-6651
Published: 2018-02-05T22:29Z
Description Language: en
Description: In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions.
References:
https://github.com/chrisd1100/uncurl/commit/448cd13e7b18c83855d706c564341ddd1e38e769
https://github.com/chrisd1100/uncurl/releases/tag/0.07