faye
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting faye
- CVE-2020-11020 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 1.2.5 | 2020-04-29
vulnerable: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extens…
- CVE-2020-15134 | HIGH | CVSS 8.0 | EG 8.0 | ✓ Fixed in 1.4.0 | 2020-07-31
vulnerable: 0.1.0 ... 1.3.0 (51 versions)
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in Eve…