Vulnerability Details CVE-2020-11020
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 7.5
Products affected by CVE-2020-11020
- cpe:2.3:a:faye_project:faye:0.5.1
- cpe:2.3:a:faye_project:faye:0.5.2
- cpe:2.3:a:faye_project:faye:0.5.3
- cpe:2.3:a:faye_project:faye:0.5.4
- cpe:2.3:a:faye_project:faye:0.5.5
- cpe:2.3:a:faye_project:faye:0.6.0
- cpe:2.3:a:faye_project:faye:0.6.1
- cpe:2.3:a:faye_project:faye:0.6.2
- cpe:2.3:a:faye_project:faye:0.6.3
- cpe:2.3:a:faye_project:faye:0.6.4
- cpe:2.3:a:faye_project:faye:0.6.5
- cpe:2.3:a:faye_project:faye:0.6.6
- cpe:2.3:a:faye_project:faye:0.6.7
- cpe:2.3:a:faye_project:faye:0.6.8
- cpe:2.3:a:faye_project:faye:0.7.0
- cpe:2.3:a:faye_project:faye:0.7.1
- cpe:2.3:a:faye_project:faye:0.7.2
- cpe:2.3:a:faye_project:faye:0.8.0
- cpe:2.3:a:faye_project:faye:0.8.1
- cpe:2.3:a:faye_project:faye:0.8.10
- cpe:2.3:a:faye_project:faye:0.8.11
- cpe:2.3:a:faye_project:faye:0.8.2
- cpe:2.3:a:faye_project:faye:0.8.3
- cpe:2.3:a:faye_project:faye:0.8.4
- cpe:2.3:a:faye_project:faye:0.8.5
- cpe:2.3:a:faye_project:faye:0.8.6
- cpe:2.3:a:faye_project:faye:0.8.7
- cpe:2.3:a:faye_project:faye:0.8.8
- cpe:2.3:a:faye_project:faye:0.8.9
- cpe:2.3:a:faye_project:faye:1.0.0
- cpe:2.3:a:faye_project:faye:1.0.1
- cpe:2.3:a:faye_project:faye:1.0.2
- cpe:2.3:a:faye_project:faye:1.0.3
- cpe:2.3:a:faye_project:faye:1.1.0
- cpe:2.3:a:faye_project:faye:1.1.1
- cpe:2.3:a:faye_project:faye:1.1.2
- cpe:2.3:a:faye_project:faye:1.2.0
- cpe:2.3:a:faye_project:faye:1.2.1
- cpe:2.3:a:faye_project:faye:1.2.2
- cpe:2.3:a:faye_project:faye:1.2.3
- cpe:2.3:a:faye_project:faye:1.2.4