VYPR

home-assistant-js-websocket

by Jpettitt

CVEs (1)

  • CVE-2023-41896HigOct 19, 2023
    risk 0.46cvss 7.1epss 0.00

    Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the…