Skip to main content

Faye

2 CVEs product

Monthly

CVE-2020-15134 Ruby HIGH POC PATCH This Week

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Faye
NVD GitHub
CVSS 3.1
8.7
EPSS
0.9%
CVE-2020-11020 Ruby CRITICAL POC PATCH Act Now

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Faye
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Faye
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Faye
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy