Preface: Smart apps like your friend whenever you need one. Download the app and get a ride from a friendly driver within minutes.
Vulnerability details: A vulnerability in python-engineio could allow an unauthenticated, remote attacker to conduct a cross-site websocket hijacking (CSWSH) attack on a targeted system.
Design flaw: Cross-Origin Resource Sharing (CORS) headers are only works in XHR requests, and ignored by clients during a websocket connection.
Current status: The vendor has confirmed the vulnerability; but remedy not available yet!