CVE-2020-11020
PUBLISHED
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.
Risk Scores
EPSS Score: 0.37% (58.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | ruby-faye | 0, 1.4.0-1 |
| Ubuntu:20.04:LTS | ruby-faye | 1.2.4-1, 0 |
| Ubuntu:24.04:LTS | ruby-faye | 0, 1.4.0-1 |
Timeline
- Apr 29, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11020 third-party-advisory
- https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5 third-party-advisory
- https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11020 third-party-advisory