2 matches found
UBUNTU-CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
Improper Certificate Validation
Overview faye-websocket is a Standards-compliant WebSocket server and client. Affected versions of this package are vulnerable to Improper Certificate Validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS...