faye is vulnerable to authentication bypass. The vulnerability exists through the way Faye server recognizes meta channels, treating a message to any channel that is a prefix-match for one of the special channels /meta/handshake
, /meta/connect
, /meta/subscribe
, /meta/unsubscribe
, /meta/disconnect
.