CVE-2020-11020
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-11020
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11020.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11020
- Aliases
- Related
- Published
- 2020-04-29T18:15:13Z
- Modified
- 2024-09-18T03:06:12.644538Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.
- References
Affected packages
Debian:11 / ruby-faye
Package
- Name
- ruby-faye
- Purl
- pkg:deb/debian/ruby-faye?arch=source
Debian:12 / ruby-faye
Package
- Name
- ruby-faye
- Purl
- pkg:deb/debian/ruby-faye?arch=source
Debian:13 / ruby-faye
Package
- Name
- ruby-faye
- Purl
- pkg:deb/debian/ruby-faye?arch=source
Git / github.com/faye/faye
Affected ranges
- Type
- GIT
- Repo
- https://github.com/faye/faye
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4