CVE-2020-11020
Faye (NPM, RubyGem) up to versions before 1.0.4, 1.1.3, and 1.2.5 and older than 0.5.0 are vulnerable to an authentication bypass in the extension system. The issue allows a client to bypass server-side extension checks by appending extra segments to the message channel (e.g., through meta channe...