Cross-Site Request Forgery (CSRF)
There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
Advisories for Pypi/Python-Engineio package
2019