faye-websocket is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the wss:
connection made by the Faye::WebSocket::Client
to be made unvalidated.