logo
DATABASE RESOURCES PRICING ABOUT US

Improper SSL Certificate Verification

Description

faye is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the `wss:` connection made by the `Faye::WebSocket::Client` to be made unvalidated.


Affected Software


CPE Name Name Version
faye 1.3.0
faye 1.1.0
ruby-faye:sid 1.2.4-1
ruby-faye:bullseye 1.2.4-1
faye 1.3.0
faye 1.1.0
ruby-faye:sid 1.2.4-1
ruby-faye:bullseye 1.2.4-1

Related