Stonemoe

#15803 of 53,638
17.1 CVSS total
Vulnerabilities · 2
High · 2
PT-2023-18804
7.8
2023-05-26
Bottle · Bottle · CVE-2023-22970
**Name of the Vulnerable Software and Affected Versions** Bottles versions prior to 51.0 **Description** Bottles parses YAML with an unrestricted loader, so a crafted YAML file can instantiate arbitrary Python objects and execute code when the application loads it (CVE-2023-22970). The attack needs the user to open or import the crafted file; once that happens, the attacker's code runs with the user's privileges. **Recommendations** Update to version 51.0 or later. Code that cannot be updated yet should parse untrusted YAML with `yaml.safe_load` (or an equivalent restricted loader) and validate the structure it gets back before using it.
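The pattern behind this class of bug, shown as an added example rather than Bottles' own code: the pre-fix style of loading with PyYAML's unrestricted loader beside a hardened loader. It requires PyYAML; the two sample documents, the `SCHEMA` table and the `load_config()` function are constructed for this illustration and do not reflect the project's real configuration format.

```python
"""Added example (not Bottles project code): the unsafe-YAML-load pattern behind
CVE-2023-22970 beside a hardened loader. Requires PyYAML; the sample documents
and the load_config() schema are constructed for this illustration."""
import yaml

# Constructed sample: looks like a harmless bottle description, but the Runner
# value carries a PyYAML-specific tag that the unsafe loader resolves by calling
# builtins.eval("7*6"). A real payload would name os.system or similar instead.
CRAFTED_CONFIG = """\
Name: my-bottle
Runner: !!python/object/apply:builtins.eval ["7*6"]
"""

# Constructed benign document of the same shape.
BENIGN_CONFIG = """\
Name: my-bottle
Runner: soda-7.0
"""

# Keys the hardened loader accepts and the plain type allowed for each
# (assumed schema for this example, not Bottles' real one).
SCHEMA = {"Name": str, "Runner": str}


def load_unsafe(text):
    """Pre-fix pattern: a loader with the full PyYAML constructor set honours
    !!python/* tags, so merely parsing the document calls whatever the tag names."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_safe(text):
    """safe_load only builds str/int/float/bool/list/dict/None; any
    !!python/* tag makes it raise yaml.constructor.ConstructorError."""
    return yaml.safe_load(text)


def load_config(text):
    """Hardened entry point: safe loader plus schema validation.
    Returns (True, data) or (False, reason) so the caller never sees
    anything but plain data of the expected shape."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        return False, "rejected: %s" % type(exc).__name__
    if not isinstance(data, dict):
        return False, "rejected: top level is not a mapping"
    for key, expected_type in SCHEMA.items():
        if key not in data:
            return False, "rejected: missing key %r" % key
        if type(data[key]) is not expected_type:
            return False, "rejected: %r has type %s" % (key, type(data[key]).__name__)
    unknown = set(data) - set(SCHEMA)
    if unknown:
        return False, "rejected: unknown keys %s" % sorted(unknown)
    return True, data


if __name__ == "__main__":
    print("unsafe:", load_unsafe(CRAFTED_CONFIG))   # Runner is 42: eval ran
    print("safe:  ", load_config(CRAFTED_CONFIG))   # rejected: ConstructorError
    print("benign:", load_config(BENIGN_CONFIG))
```

The point of the schema step is that `safe_load` only stops object construction; it still happily returns a list where a mapping was expected, or an integer where a string was, and downstream code that formats such values into shell commands or paths is the next place an attacker will look.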
PT-2019-4805
9.3
2019-07-15
Python · Python-Engineio · CVE-2019-13611
**Name of the Vulnerable Software and Affected Versions** python-engineio versions 3.8.2 and earlier **Description** Cross-Site WebSocket Hijacking (CSWSH), the WebSocket form of Cross-Site Request Forgery (CSRF): the server does not check the Origin header, so a page on any site can open a WebSocket connection to it, and the victim's browser attaches the session cookie automatically. Any Socket.IO or Engine.IO server that authenticates clients by cookie is affected; the attacker's page can then send and receive messages under the victim's identity and perform whatever actions the victim's session is allowed to. **Recommendations** For python-engineio versions 3.8.2 and earlier, update to version 3.9.0, which adds a server-side Origin header check. If updating is not immediately possible, stop relying on cookies alone for client authentication, or require a CSRF token in the connection URL that a cross-site page cannot obtain.
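What the fix and the two workarounds look like on the server side, as an added example that is not python-engineio's own code: an Origin check that defaults to same-origin, an optional allowlist, and the CSRF-token-in-URL fallback. The request dicts, header names, `origin_allowed()` and `handshake()` are constructed for this illustration.

```python
"""Added example (not python-engineio code): the server-side Origin check that
closes Cross-Site WebSocket Hijacking, plus the optional CSRF-token-in-URL
fallback. The request dicts, header names and the handshake() API are
constructed for this illustration."""
import hmac
from urllib.parse import parse_qs, urlsplit


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def origin_allowed(headers, scheme, allowed_origins=None):
    """Decide whether a browser-originated connection may proceed.

    allowed_origins=None  -> same-origin only: Origin must equal scheme://Host
    allowed_origins=[...] -> explicit allowlist of origins
    allowed_origins="*"   -> accept anything (re-opens the vulnerability)
    """
    origin = _header(headers, "Origin")
    if origin is None:
        # Browsers always send Origin on a WebSocket upgrade, so a missing header
        # means a non-browser client, which carries no ambient cookies. Accept it.
        return True
    if allowed_origins == "*":
        return True
    if allowed_origins is None:
        host = _header(headers, "Host")
        if host is None:
            return False
        allowed_origins = ["%s://%s" % (scheme, host)]
    # Exact string comparison: "Origin: null" (sandboxed iframe, file://) and a
    # look-alike host such as app.example.com.attacker.example both fail here.
    normalised = {o.rstrip("/").lower() for o in allowed_origins}
    return origin.rstrip("/").lower() in normalised


def handshake(request, allowed_origins=None, csrf_token=None):
    """Return (status, reason) for an Engine.IO-style connect request.

    request: {"scheme": ..., "path": ..., "headers": {...}}
    csrf_token: when set, the same token must appear as ?csrf=... in the URL;
    a cross-site page cannot read it, so it cannot forge the connection."""
    headers = request["headers"]
    if not origin_allowed(headers, request["scheme"], allowed_origins):
        return 400, "origin not allowed"
    if csrf_token is not None:
        supplied = parse_qs(urlsplit(request["path"]).query).get("csrf", [""])[0]
        if not hmac.compare_digest(supplied, csrf_token):
            return 403, "missing or bad csrf token"
    return 101, "switching protocols"


# Constructed requests. The session cookie is present on the cross-site request
# too: the victim's browser attaches it automatically, which is the whole problem.
SAME_ORIGIN = {
    "scheme": "https", "path": "/socket.io/?EIO=3&transport=websocket",
    "headers": {"Host": "app.example.com", "Origin": "https://app.example.com",
                "Cookie": "session=abc123", "Upgrade": "websocket"},
}
CROSS_SITE = {
    "scheme": "https", "path": "/socket.io/?EIO=3&transport=websocket",
    "headers": {"Host": "app.example.com", "Origin": "https://attacker.example",
                "Cookie": "session=abc123", "Upgrade": "websocket"},
}
NO_ORIGIN = {  # e.g. a native or CLI client: no Origin, no ambient cookie
    "scheme": "https", "path": "/socket.io/?EIO=3&transport=websocket",
    "headers": {"Host": "app.example.com", "Upgrade": "websocket"},
}
WITH_TOKEN = {
    "scheme": "https", "path": "/socket.io/?EIO=3&transport=websocket&csrf=t0k3n",
    "headers": {"Host": "app.example.com", "Origin": "https://app.example.com",
                "Cookie": "session=abc123", "Upgrade": "websocket"},
}

if __name__ == "__main__":
    for name, req in [("same-origin", SAME_ORIGIN), ("cross-site", CROSS_SITE),
                      ("no-origin", NO_ORIGIN)]:
        print(name, handshake(req))
    print("token ok", handshake(WITH_TOKEN, csrf_token="t0k3n"))
    print("token missing", handshake(SAME_ORIGIN, csrf_token="t0k3n"))
```

Accepting a request with no Origin header is deliberate: CSWSH needs a browser, and browsers always send Origin on the upgrade, so the absent-header case is a curl or native client that has no cookie jar for the attacker to borrow. The setting to watch in a deployment is the `"*"` wildcard, which restores exactly the unauthenticated-origin behaviour this advisory describes.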