Faye Websocket
1 CVEs
product
Monthly
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Faye Websocket
NVD
GitHub
CVSS 3.1
8.7
EPSS
0.9%
CVE-2020-15133
Ruby
EPSS 1%
CVSS 8.7
HIGH
POC
PATCH
This Week
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Faye Websocket
NVD
GitHub