VYPR

RubyGems package

faye-websocket

pkg:gem/faye-websocket

Vulnerabilities (1)

  • CVE-2020-15133Jul 31, 2020
    affected < 0.11.0fixed 0.11.0

    In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection.